WebProNews

Tag: ID

  • Facebook Messenger Will Now Give Context to That Random Person Messaging You

    Facebook has long allowed people to message you even if you’re not friends with them. Oftentimes, those messages wind up in that “Other” inbox inside Messenger. You don’t know what I’m talking about? That’s ok, plenty of Facebook users probably have no idea that they have a whole other inbox full of messages from random stranger, spammers, and more.

    Anyway, it appears that Facebook is looking to be more of an all-encompassing messaging service – not just one for you and your buddies. With an update that’s rolling out on iOS and Android today, Facebook will provide some context for those random people messaging you inside Messenger.

    According to TechCrunch, Facebook will unearth publicly available information about the person messaging you and place it at the top of the message. It’ll display the person’s name, photo, location, and job – as long as they’ve made that information public.

    The new feature isn’t going to trample on privacy controls and show info users have set to private.

    The new feature won’t just pull up this type of info on strangers – it’ll do so with anyone you’ve yet to communicate with on the platform. Even if they’re your friend. Because, let’s face it, you sometimes forgot who the hell you’re friend with on Facebook.

    This isn’t the first time Facebook has given users a sort of Caller ID, or in this case Messenger ID. Last month, Facebook unveiled its Hello app for Android, a caller ID app that also displays a caller’s publicly available Facebook info. The app also makes it easy to block people, based on said info or lack thereof.

    I guess it never hurts to know a little bit about the person who’s spamming you on Facebook.

    Image via Marco Paköeningrat, Flickr Creative Commons

  • Hawaii Woman’s Name Too Long for License

    Hawaii Woman’s Name Too Long for License

    The Hawaii Department of Transportation is changing a policy after Janice “Lokelani” Keihanaikukauakahihuliheekahaunaele’s name was too long to fit on her state identification card and driver’s license. Presently, there’s a 35 character limit on state-issued identification cards, and the 36th letter of Keihanaikukauakahihuliheekahaunaele’s name is cut off, along with her first and middle names. By the end of the year, Hawaii plans to increase the number of characters allowed on ID’s.

    http://www.youtube.com/watch?v=HwjWA5pg-ps

    Keihanaikukauakahihuliheekahaunaele said, “I have had phone calls all day today from all over the world calling me about this story. People are telling me about other people who have just learned about the story and seeing how long my name is. I’m not the only one. I hope that solves problems for other folks in the future.”

    Traditionally, surnames didn’t exist in old Hawaii. Genuine Hawaiian names are unisex, and typically have a clear, literal meaning. For example, “Keanu” means cool mountain breeze. Though, in 1860 King Kamehameha IV signed the Act to Regulate Names. Henceforth, Hawaiians user their father’s first name as their surname, and all babies born had to be given Christian (English) first names. Their given Hawaiian names served as their middle names. This law was repealed in 1967.

    In an email, Keihanaikukauakahihuliheekahaunaele wrote, “You see, to some people in the world, your name is everything. If I say my name to an elder Hawaiian, they know everything about my husband’s family going back many generations … just from the name.”

    The Hawaii DOT will soon allow 40 characters for the first name, 40 characters for the last name, 35 characters for the middle name, and 5 characters for any suffix.

    Image courtesy of YouTube.

  • Yahoo Moves Forward With Account Transfer Plans, Lets Users Make ID Wishlists

    Last month, Yahoo announced its plans to deactivate inactive accounts, and give some more desirable Yahoo IDs and email addresses to loyal users who want them. The thinking is that users will be able to get things like albert@yahoo.com rather than albert48592@yahoo.com.

    Yahoo has been around so long, and so many people who signed up for it years ago have since moved on to other services, and never use their Yahoo accounts anymore. Yahoo wants to let the people that actually do use their accounts have the good IDs.

    Yahoo announced today that it is now letting people create their “wish lists” to get the names they want. Next month, they’ll let users know if they got what they wanted.

    You can fill out your wish list here. You can request your top five choices. If Yahoo determines that it can’t give you your first choice, it will try one of your backups. Then, in mid-August, it will snd you an email letting you know which of your choices are available, and give you a link to claim it. You’ll have 48 hours to do so.

    Yahoo’s plan has drawn some criticism due to security concerns. One noted security expert went so far as to call the whole thing “moronic”.

    Today, Yahoo announced that it will be working with partners like e-commerce and social networking sites on identifying that people are the new owner of a Yahoo username, and not a previous one.

    Yahoo’s Bill Mills describes the process in a blog post. He writes:

    I wanted to share one measure we’re taking to protect the privacy of our users who had an e-mail address that may be re-used, which is a very small percentage of the accounts that we will be recycling. We encourage anyone using e-mail to communicate with their users, especially for e-commerce and recovering their accounts, to adopt this measure to ensure the security of their users.

    To communicate that a username has a new owner to e-commerce sites like “JoesAntiques.com,” or social networking sites like Facebook, we’ll allow them to “ask” for a new type of validation when sending an email to a specific Yahoo! user. The field, which can be requested via an email’s header is called “Require-Recipient-Valid-Since.”

    We feel that our approach, which we’ve worked on with our friends at Facebook, is a good solution for both our users and our partners.

    According to Yahoo, if a Facebook user with a Yahoo email account submits a request to reset their password, Facebook would add the Require-Recipient-Valid-Since header to he reset email, which would signal to Yahoo to check the age of the account before delivering the mail. If the “last confirmed” date that Facebook specifies is before the date of the new Yahoo username ownership, the email will not be delivered and will bounce back to Facebook, who will then contact the user by other means.

    “This example illustrates how Facebook will do this – others will have their rules for determining their age requirement for the recipient / receiving account,” says Mills.

    This, he says, is a new standard being published with the IETF, and Yahoo will be working with partners to implement it. Other email providers can also adopt it, Yahoo suggests.

  • Google’s Open Web Advocate Talks White House Web ID Plan

    As previously reported, the White House is working on a "National Strategy for Trusted Identities in Cyberspace" or NSTIC, in which it has placed the Commerce Department in charge of an "Identity Ecosystem". The initiative has drawn a mixture of praise and criticism, and judging by our own readers’ comments, there is a whole lot of criticism. More on this here.

    Share your thoughts on the White House’s strategy.

     We had a discussion on the subject with Chris Messina, Google’s Open Web advocate. Messina was there when the plan was revealed, and is rather knowledgeable in the subject of online identity (besides working for Google, he’s on the board of the OpenID Foundation, and has worked with Mozilla to produce a concept on implementing identity in the browser called "The Social Agent") , which is why we felt he would be a good person to share his views on the strategy.   

    "As it stands, I can see why people are angry or confused, but, while vague, the NSTIC isn’t as bad as people seem to think — the fact that it’s being run out of commerce means that the government is looking for innovation and competition — not to own these identities," Messina tells WebProNews. "Of course I can’t say what this means about surveillance and security, but anyone who uses a cell phone or hosted email should already understand that they’re susceptible to government wiretaps and data seizure — oftentimes without needing to be informed (Twitter is the rare exception recently). Anyway — if you can pick an identity provider that’s certified to meet certain criteria and that you also trust — that seems win-win to me."

    What the government has suggested appears to be the use of platforms like OpenID. " We need a vibrant marketplace that provides people with choices among multiple accredited identity providers – both private and public – and choices among multiple credentials," said Cybersecurity Coordinator and Special Assistant to President Obama, Howard A. Schmidt, upon the announcement of the plan. "For example, imagine that a student could get a digital credential from her cell phone provider and another one from her university and use either of them to log-in to her bank, her e-mail, her social networking site, and so on, all without having to remember dozens of passwords. Such a marketplace will ensure that no single credential or centralized database can emerge."

    Chris Messina Talks White House Web ID Strategy"The government’s NSTIC plan is designed to promote OpenID and other existing (and not-even-invented) initiatives," explains Messina. "In fact, the NSTIC was written with input from many of these groups including the OpenID Foundation. It went through an open comment period as well — so it’s not as if many of these concerns weren’t raised before. Since the final draft of the NSTIC hasn’t been released yet, I expect many of them will be reflected in the final draft."

    "The NSTIC calls explicitly for the creation of an ‘identity ecosystem’ — fancy words for saying ‘we don’t want a system where there’s only one identity provider’ (least of all the government!),’ Messina continues. "Now, one of the challenges with creating an ‘ecosystem’ is that you end up with potentially non-interoperable solutions, leading to consumer confusion and frustration (think: ‘Sorry, we don’t accept American Express here’). So while the government intends to rely on private industry to develop the technologies and protocols — such as OpenID — that will enable this ecosystem, I believe that the government has a role in placing pressure on the industry to eventually select a set of standards we can all live with."

    "I, for one, would prefer to avoid a government-developed identity standard at a time when industry is rapidly innovating in this space and wants to solve this problem as much as — if not more than — government does," he adds. "But I also know that there are a lot of vested interests that would love to have their pet protocol selected as the gold standard here (pun intended) and that’s going to require leadership, persistence, and an open process so that the best solution(s) to the problem eventually shake out from several years of competition and experimentation."

    A common concern expressed by the public has been along the lines of: a single username and password for all sites is a bad idea, and is not secure, compared to having many usernames and passwords.

    "The user’s concern is valid," says Messina. "One username and password for everything is actually very bad ‘security hygiene’, especially as you replay the same credentials across many different applications and contexts (your mobile phone, your computer, that seemingly harmless iMac at the Apple store, etc). However, nothing in NSTIC advocates for a particular solution to the identity challenge — least of all supporting or advocating for a single username and password per person."

    "In reality, different applications requiring different levels of security, and different behaviors require different kinds of protections," he says. "As Howard A. Schmidt pointed out, for many people, you don’t necessarily want to use the same password that you use for Facebook that you do for your bank. For someone like me, however, where my social media presence is both very important and valuable to me, I want to protect all of my accounts — financial and social networking — equally. So there’s no one-size-fits-all solution, but that’s closer to the reality today — where I as a user often DON’T have a choice about how strong the security deployed to protect my accounts is — versus the future, where we’ll have an ecosystem of identity providers all offering different kinds of protections."

    "To restate this point: when I sign up for an account today, why can’t I choose to login in everywhere with my Google account and then rely on Google’s anti-fraud and second factor authentication features to protect my account? Or, if I’d prefer to use someone other than Google, why can’t I use them instead, and rely on, say, their biometric security features?"

    "Until a competitive marketplace and proper standards are adopted across industry, we actually continue to have fewer options in terms of how we secure our accounts than more," he says. "And that means that the majority of Americans will continue using the same set of credentials over and over again, increasing their risk and exposure to possible leaks (see: Gawker)."

    In the comments section of our previous article, one reader asked who would be responsible "WHEN (not if)" the systems proposed get hacked. 

    "Going back to my previous point, if we truly arrive at a user-centric ecosystem, then the party that you choose to represent you as your identity provider will be responsible should anything happen to your account," says Messina. "And I hope that people actually choose their identity provider carefully, and based on the steps that they take to secure your account and keep it safe."

    "A user-centric model demands that users be in charge of selecting their identity provider, and that this free choice creates a competitive marketplace where identity providers compete for customers," he adds. "If one provider has lax security or onerous identity proofing requirements, the market will ideally reflect that situation by rewarding or punishing them economically, leading to user-positive improvements. Some of this does depend on users having some understanding of what’s at stake when it comes to their online identities and profiles, but just as people safeguard their cell phones today, I think people will feel similarly protective of their online accounts in the future (if they don’t already) and will look for ways to keep those accounts safe and secure."

    As we reported before, there doesn’t appear to be anything in the NSTIC indicating that people will be required to use ID systems spawned by the initiative – a point that some people may have overlooked.  

    "The last thing that I’ll add — which itself is controversial — is that this whole system, at least at the outset, will be voluntary and opt-in," Messina says. "That means that if you don’t want the convenience of not having to use passwords anymore, you won’t have to. If you’re okay rotating your passwords and maintaining numerous discreet accounts across the web, that’s cool too. I don’t think a mandatory system would succeed — at least not without proving its security, stability, convenience, and utility over several years."

    "Furthermore, the fact that this initiative is being run out of the Commerce Department, which has an interest in stimulating growth, business, and innovation, means that we hopefully won’t end up with a set of technologies designed only by security wonks that are completely unusable by regular folks, but that the market will see the exploration of a number of different competitive solutions, and from them, a few will stand out as leading the way forward."

    "I am hopeful that NSTIC, at the very least, is raising these issues at a critical time on the web — where the future of competition for who owns your identity online is in question," Messina concludes. "My hope is that we arrive at a place where people have a choice, and they can go it alone as steadfast libertarians might prefer, or they can choose to get some assistance from the Googles and Facebooks of the web in dealing with this increasingly important issue."

    Speaking of Facebook, any system – existing or spawned from NSTIC – will have a hell of a time competing with Facebook for "owning" users’ online IDs. Facebook has nearly 600 million users worldwide, according to recent estimates, and has a pretty big competitive advantage with its Open Graph and Facebook Log-in features already implanted firmly across many sites around the web.

    Comments welcome

     

  • White House Plan for Web Identity Ecosystem a Tough Sell So Far

    Update: Read more on this from our conversation with Google Open Web Advocate and OpenID Board member, Chris Messina. 

    Original Article: The White House is working on a "National Strategy for Trusted Identities in Cyberspace" in which it has placed the Commerce Department in charge of an "Identity Ecosystem". In a nutshell, the program is about giving consumers IDs they can use to log in across sites all over the web, which they can rely on as being secure, and not have to worry about remembering countless passwords (and thereby not having to use the same password over and over again on different sites, which is incredibly helpful to cyber criminals). 

    Would you rather have a single web ID than use multiple passwords? Comment here.

    Of course the announcement of this strategy has already drawn plenty of skepticism, backlash, and general controversy. For example, many are skeptical that government can succeed where technology giants like Microsoft or Google have not. As some have pointed out, the company that’s probably come the closest and has the best chance of accomplishing becoming online users’ universal ID would be Facebook, given not only its enormous amount of users, but its integration into a large portion of the web through Facebook log-in. Add mobile and the rest of the world outside of the U.S. to the mix, and Facebook does have a very widespread and portable reach. Of course not everyone trusts Facebook to be their universal ID, with many very concerned with how the company treats privacy issues. 

    Much of the criticism of the White House’s efforts has been over the vagueness of the strategy, and of course many simply don’t want the government involved in this. 

    Here is the explanation of the strategy from Howard A. Schmidt, the Cybersecurity Coordinator and Special Assistant to President Obama (from WhiteHouse.gov):

    Howard A. Schmidt Talks Identity EcosystemThis holiday season, consumers spent a record $30.81 billion in online retail spending, an increase of 13 percent over the same period the previous year.  This striking growth outshines even the notable 3.3-5.5 percent overall increase in holiday spending this past year.  While clearly a positive sign for our economy, losses from online fraud and identity theft eat away at these gains, not to mention the harm that identity crime causes directly to millions of victims. We have a major problem in cyberspace, because when we are online we do not really know if people, businesses, and organizations are who they say they are. Moreover, we now have to remember dozens of user names and passwords. This multiplicity is so inconvenient that most people re-use their passwords for different accounts, which gives the criminal who compromises their password the "keys to the kingdom."

    We need a cyber world that enables people to validate their identities securely, but with minimal disclosure of information when they’re doing sensitive transactions (like banking) – and lets them stay anonymous when they’re not (like blogging). We need a vibrant marketplace that provides people with choices among multiple accredited identity providers – both private and public – and choices among multiple credentials. For example, imagine that a student could get a digital credential from her cell phone provider and another one from her university and use either of them to log-in to her bank, her e-mail, her social networking site, and so on, all without having to remember dozens of passwords. Such a marketplace will ensure that no single credential or centralized database can emerge. In this world, we can cut losses from fraud and identity theft, as well as cut costs for businesses and government by reducing inefficient identification procedures. We can put in-person services online without security trade-offs, thereby providing greater convenience for everyone.  

    "We are not talking about a national ID card," U.S. Commerce Secretary Gary Locke is quoted as saying at the event where the plan was announced. "We are not talking about a government-controlled system."

    That’s not enough to curb the criticism, however. For example, Pascal-Emmanuel Gobry at Silicon Alley Insider says, "The big security/IT companies with the right Washington connections to get this gig don’t reassure us any more than the government does." Gobry does also suggest that having the Commerce Department, as opposed to the Department of Homeland Security run the program feels a little less "big-brotherish."

    As far as I can tell, there’s nothing here indicating that people will be required to use IDs from this program. It will be interesting to see how it is adopted around the web. Will people trust this system more than they trust Facebook? Of course there are other options like OpenID, at least for the sites that support them.

    Would you use an ID like the White House is suggesting? Share your thoughts in the comments or discuss with our Facebook fans.