
Feds to Let Citizens Log In With Yahoo, Google, Paypal Accounts

Old 09-09-09, 05:52 PM
  #1  
DVD Talk Legend
Thread Starter
 
Join Date: Nov 2000
Location: frass canyon
Posts: 16,249
Feds to Let Citizens Log In With Yahoo, Google, Paypal Accounts

http://www.wired.com/epicenter/2009/...mbrace-openid/

U.S. citizens will soon be able to log in to government websites using their Google account, or the URL of their Yahoo profile. It's a significant embrace of the open and emerging tech standards the Obama administration promised.

The U.S. government pilot program will allow people to interact with various government websites using an OpenID or an Information Card, the nation's information technology officer will announce Wednesday. These are two of the most popular emerging technologies that let web users manage their identities across multiple websites.

Under the new program, which will go into effect in the coming weeks, people will be able to sign in, request information, participate in forums and build user profiles on the government's websites without having to set up a new user account. Anyone will be able to interact with the government sites using credentials provided to them by Yahoo, Google, AOL, VeriSign or PayPal, among others.

The pilot is scheduled to be announced by the U.S. government CIO Vivek Kundra at the Gov 2.0 Summit in Washington, D.C., Wednesday morning.


uhhhhh .... no thanks. Google knows way too much about me. Now the federal government wants me to log in to Federal websites with a google/paypal account?
RoyalTea is offline  
Old 09-09-09, 06:42 PM
  #2  
DVD Talk Hero
 
jfoobar's Avatar
 
Join Date: Jun 2000
Posts: 37,812
Re: Feds to Let Citizens Log In With Yahoo, Google, Paypal Accounts

So combine that news with this news and see what kind of warm-fuzzy you get:

http://www.washingtonpost.com/wp-dyn...090602238.html

Password Hackers Are Slippery To Collar
By Tom Jackman
Washington Post Staff Writer
Monday, September 7, 2009

When Elaine Cioni found out that her married boyfriend had other girlfriends, she became obsessed, federal prosecutors say. So she turned to YourHackerz.com.

And for only $100, YourHackerz.com provided Cioni, then living in Northern Virginia, with the password to her boyfriend's AOL e-mail account, court records show. For another $100, she got her boyfriend's wife's e-mail password. And then the passwords of at least one other girlfriend and the boyfriend's two children. None had any clue what Cioni was doing, they would later testify.


Cioni, however, went further and began making harassing phone calls to her boyfriend and his family, using a "spoofing" service to disguise her voice as a man's. This attracted the attention of federal authorities, who prosecuted Cioni, 53, in Alexandria last year for unauthorized access to computers, among other crimes. She was convicted and is serving a 15-month sentence.

But such services as YourHackerz.com are still active and plentiful, with clever names like "piratecrackers.com" and "hackmail.net." They boast of having little trouble hacking into such Web-based e-mail systems as AOL, Yahoo, Gmail, Facebook and Hotmail, and they advertise openly.

And, experts said, there doesn't appear to be much anyone can do about it.


"This is an important point that people haven't grasped," said Peter Eckersley, a staff technologist for the Electronic Frontier Foundation in San Francisco. "We've been using e-mail for years, and it's been insecure all that time. . . . If you have any hacker who is competent and spends the time and targets you, he's going to get you."

Federal law prohibits hacking into e-mail, but without further illegal activity, it's only a misdemeanor, noted Orin Kerr, a law professor at George Washington University and a former trial attorney in the Justice Department's computer crime section.

"The feds usually don't have the resources to investigate and prosecute misdemeanors," Kerr said. "And part of the reason is that normally it's hard to know when an account has been compromised, because e-mail snooping doesn't leave a trace."

Every state has laws roughly similar to the federal computer laws, Kerr said, and rate the offenses as misdemeanors.

Not long after Gov. Sarah Palin of Alaska was named the Republican nominee for vice president last year, someone hacked into her personal Yahoo e-mail accounts. And as the election neared, someone at George Mason University hacked into the e-mail of the school's provost and sent a schoolwide e-mail saying the election date had been changed.

"Web Based email password hacking or cracking is one of our all time favourite and unique hobby," write the folks at YourHackerz.com. It's not clear where YourHackerz.com is located, but experts suspect that most of the businesses are based overseas. "We will provide you with the original Passwords. No questions asked whatsoever. Payment only after you are CONVINCED. 100% guarantee of Cracking. Total privacy of your information. No legal hassles."

At SlickHackers.com, they boast, "We are professionals interested in helping serious people for whom an email password would mean saving their marriage, knowing the truth, preventing a fraud, protecting their family/job/interests only when conventional ways and normal procedures do not work."

All the services advertise that they will e-mail a screenshot of the target's in-box or even send an e-mail from the target's e-mail as proof that they've cracked the password. The customer then sends payment. One service, whose fee is only 20 British pounds (about $33), then responds with the script from a scene from a Shakespeare play, with the stolen password hidden in the copy.

click link to read rest of article
jfoobar is offline  
Old 09-09-09, 10:35 PM
  #3  
DVD Talk Legend
 
Join Date: Jun 2000
Location: NYC
Posts: 17,018
Re: Feds to Let Citizens Log In With Yahoo, Google, Paypal Accounts

Originally Posted by RoyalTea View Post
http://www.wired.com/epicenter/2009/...mbrace-openid/

uhhhhh .... no thanks. Google knows way too much about me. Now the federal government wants me to log in to Federal websites with a google/paypal account?
It's OpenID (and Information Card, a compatible Microsoft standard). Google would know nothing about your activities on the federal website beyond the initial authentication. It's an effort to consolidate your online accounts into a single account so you don't have passwords floating around everywhere.

Here's the gist:

1. You tell the federal site that you're going to use your Gmail account to log in.
2. The site redirects you to Google, where you enter your password.
3. Google redirects you back to the federal site, where you are now authenticated.

This is a good thing.
Breakfast with Girls is offline  
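
The redirect in step 3 of the post above, as an added Python sketch (not part of the original thread and not any provider's or agency's code): the provider signs an OpenID 2.0 assertion and the site verifies it, so the password never reaches the site. The endpoints, the shared association key and the function names are constructed assumptions.

```python
import base64, hashlib, hmac
from urllib.parse import parse_qsl, urlencode, urlsplit

# Constructed values for illustration; not real endpoints or keys.
OP_ENDPOINT = "https://provider.example/openid"
RETURN_TO = "https://agency.example/openid/return"
MAC_KEY = b"constructed-association-key"  # assumed agreed earlier between site and provider
ASSOC_HANDLE = "assoc-1"
SIGNED = "op_endpoint,claimed_id,identity,return_to,response_nonce,assoc_handle"

def _sig(fields):
    # OpenID 2.0 signs "key:value\n" lines for the fields named in openid.signed.
    names = fields["openid.signed"].split(",")
    text = "".join(f"{k}:{fields['openid.' + k]}\n" for k in names)
    mac = hmac.new(MAC_KEY, text.encode(), hashlib.sha256).digest()
    return base64.b64encode(mac).decode()

def provider_redirect(user_id, nonce):
    """Provider side: runs only after the user typed the password at the provider."""
    values = {"ns": "http://specs.openid.net/auth/2.0", "mode": "id_res",
              "op_endpoint": OP_ENDPOINT, "claimed_id": user_id, "identity": user_id,
              "return_to": RETURN_TO, "response_nonce": nonce,
              "assoc_handle": ASSOC_HANDLE, "signed": SIGNED}
    fields = {"openid." + k: v for k, v in values.items()}
    fields["openid.sig"] = _sig(fields)
    return RETURN_TO + "?" + urlencode(fields)  # note: no password anywhere in it

def relying_party_verify(url, seen_nonces):
    """Site side: return the verified identifier, or None if any check fails."""
    parts = urlsplit(url)
    f = dict(parse_qsl(parts.query))
    nonce = f.get("openid.response_nonce", "")
    checks = (
        f.get("openid.mode") == "id_res",
        f.get("openid.return_to") == f"{parts.scheme}://{parts.netloc}{parts.path}",
        f.get("openid.op_endpoint") == OP_ENDPOINT,
        f.get("openid.assoc_handle") == ASSOC_HANDLE,
        set(SIGNED.split(",")) <= set(f.get("openid.signed", "").split(",")),
        nonce not in seen_nonces,  # a replayed redirect is rejected
    )
    if not all(checks):
        return None
    try:
        ok = hmac.compare_digest(_sig(f).encode(), f.get("openid.sig", "").encode())
    except KeyError:  # openid.signed names a field that is missing
        return None
    if not ok:
        return None
    seen_nonces.add(nonce)
    return f["openid.claimed_id"]
```

The site stores only the returned identifier; a replayed, re-targeted or edited redirect fails one of the checks and is refused.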
Old 09-10-09, 08:06 AM
  #4  
Moderator
 
nemein's Avatar
 
Join Date: Sep 1999
Location: 1bit away from total disaster
Posts: 34,141
Re: Feds to Let Citizens Log In With Yahoo, Google, Paypal Accounts

Again no thanks... If I want to interact w/ a Gov't site I'll create a new login password. There's no need for this sort of interaction IMHO.
nemein is offline  
Old 09-10-09, 08:44 AM
  #5  
Challenge Guru & Comic Nerd
 
Trevor's Avatar
 
Join Date: Apr 1999
Location: spiritually, Minnesota
Posts: 34,724
Re: Feds to Let Citizens Log In With Yahoo, Google, Paypal Accounts

Originally Posted by nemein View Post
Again no thanks... If I want to interact w/ a Gov't site I'll create a new login password. There's no need for this sort of interaction IMHO.
That's my thinking as well, admitting that I haven't really looked at the issue. Don't see any advantage/use of this.
Trevor is offline  
Old 09-12-09, 01:25 PM
  #6  
DVD Talk Legend
 
Join Date: Jun 2000
Location: NYC
Posts: 17,018
Re: Feds to Let Citizens Log In With Yahoo, Google, Paypal Accounts

Originally Posted by Trevor View Post
Don't see any advantage/use of this.
If a site you use is hacked, you now have to change your password individually for every site that uses that password.

With OpenID, your password is kept in one place. If Monster.com is hacked yet again, you don't care, because they don't have your credentials in their databases.

If, somehow, your password is stolen from an OpenID server, you only have to change it in one place, once.

You can also remove sites from the list of "trusted sites" associated with your account. You can't do this with the current method unless those sites let you delete your account.

You also don't have to keep your credentials on Google (even though you already do). If you really want to, you can set up your own OpenID server that you manage. There are plenty of open source projects out there to do this -- it's similar to setting up a WordPress blog. There are plenty of providers, as well: besides Google, you can use Yahoo!, MyOpenID.com, etc.
Breakfast with Girls is offline  
Old 09-12-09, 01:41 PM
  #7  
DVD Talk Hero
 
jfoobar's Avatar
 
Join Date: Jun 2000
Posts: 37,812
Re: Feds to Let Citizens Log In With Yahoo, Google, Paypal Accounts

Originally Posted by Breakfast with Girls View Post
If a site you use is hacked, you now have to change your password individually for every site that uses that password.

With OpenID, your password is kept in one place. If Monster.com is hacked yet again, you don't care, because they don't have your credentials in their databases...
Oh, I think he gets that part. Fairly secure single sign-on between Gmail, Twitter, Facebook, individual message boards, etc. sounds like a great idea. It's the interacting with the government using the same identity that you use on social networking, etc. part that gives many pause.

That and the obvious "all your eggs in one basket" thing.
jfoobar is offline  
Old 09-12-09, 02:14 PM
  #8  
DVD Talk Legend
 
DeputyDave's Avatar
 
Join Date: Apr 2002
Location: San Diego, CA
Posts: 14,081
Re: Feds to Let Citizens Log In With Yahoo, Google, Paypal Accounts

If you don't follow their rules Obama will simply shut down the internet. Take his cyber ball and go home.
DeputyDave is offline  
Old 09-12-09, 02:37 PM
  #9  
DVD Talk Legend
 
Sean O'Hara's Avatar
 
Join Date: Nov 2005
Location: Vichy America
Posts: 13,535
Re: Feds to Let Citizens Log In With Yahoo, Google, Paypal Accounts

Originally Posted by Breakfast with Girls View Post
If a site you use is hacked, you now have to change your password individually for every site that uses that password.
If you use the same password for every site, you deserve to be hacked.
Sean O'Hara is offline  
Old 09-12-09, 02:40 PM
  #10  
DVD Talk Legend
 
Join Date: Jun 2000
Location: NYC
Posts: 17,018
Re: Feds to Let Citizens Log In With Yahoo, Google, Paypal Accounts

Originally Posted by jfoobar View Post
Oh, I think he gets that part. Fairly secure single sign-on between Gmail, Twitter, Facebook, individual message boards, etc. sounds like a great idea. It's the interacting with the government using the same identity that you use on social networking, etc. part that gives many pause.
Please explain. What is the government going to do with this information that it can't do already?

Originally Posted by Sean O'Hara View Post
If you use the same password for every site, you deserve to be hacked.
I didn't say "same password for every site".

If a site you use is hacked, you now have to change your password individually for every site that uses that password.
Or do you use a different password for every single site you go to?
Breakfast with Girls is offline  
Old 09-12-09, 02:54 PM
  #11  
DVD Talk Hero
 
jfoobar's Avatar
 
Join Date: Jun 2000
Posts: 37,812
Re: Feds to Let Citizens Log In With Yahoo, Google, Paypal Accounts

Originally Posted by Breakfast with Girls View Post
Please explain. What is the government going to do with this information that it can't do already?
The government could have a very difficult time associating this post (and the author "jfoobar") with a real name, address and social security number, not to mention cross-referencing this post with a Facebook account, an email account and/or a player profile on an online poker website, etc., etc. I only say "could" in this case because I don't go to much pain and care to keep my actual identity a secret and use lots of different user names on different websites. Lots of people choose to do so, and not just to thwart possible government efforts.

By using what is, in effect, a single sign-on solution that includes accesses to government-owned websites (the access and network logs and subscriber information for which they do not need preservation orders, search warrants and subpoenas to access), one would remove a substantial amount of that potential anonymity as well as the ease with which the otherwise disparate elements of one's online life could be tied together in a nice, tidy bundle.
jfoobar is offline  
Old 09-12-09, 03:06 PM
  #12  
DVD Talk Legend
 
Sean O'Hara's Avatar
 
Join Date: Nov 2005
Location: Vichy America
Posts: 13,535
Re: Feds to Let Citizens Log In With Yahoo, Google, Paypal Accounts

Originally Posted by Breakfast with Girls View Post
Or do you use a different password for every single site you go to?
So far as I know. I use KeePass to generate 16 character random passwords that I store in an encrypted database. I don't actually know any of them. I suppose it's possible that two of them are identical, but that's highly unlikely.
Sean O'Hara is offline  
Old 09-12-09, 07:37 PM
  #13  
DVD Talk Legend
 
Join Date: Jun 2000
Location: NYC
Posts: 17,018
Re: Feds to Let Citizens Log In With Yahoo, Google, Paypal Accounts

Originally Posted by jfoobar View Post
The government could have a very difficult time associating this post (and the author "jfoobar") with a real name, address and social security number, not to mention cross-referencing this post with a Facebook account, an email account and/or a player profile on an online poker website, etc., etc. I only say "could" in this case because I don't go to much pain and care to keep my actual identity a secret and use lots of different user names on different websites. Lots of people choose to do so, and not just to thwart possible government efforts.

By using what is, in effect, a single sign-on solution that includes accesses to government-owned websites (the access and network logs and subscriber information for which they do not need preservation orders, search warrants and subpoenas to access), one would remove a substantial amount of that potential anonymity as well as the ease with which the otherwise disparate elements of one's online life could be tied together in a nice, tidy bundle.
A lot of sites with OpenID allow you to choose an alias specific to that site. So you could sign in with your Gmail account to both DVD Talk and a federal website and have a jfoobar appear on your DVD Talk posts. No one except Google is any wiser. And if you are truly paranoid, you can set up your own OpenID provider so only you have access to that information.

That said, I believe that any online privacy you perceive to exist is largely an illusion, given the massive amount of information collection going on at telecoms and ISPs.

Originally Posted by Sean O'Hara View Post
So far as I know. I use KeePass to generate 16 character random passwords that I store in an encrypted database. I don't actually know any of them. I suppose it's possible that two of them are identical, but that's highly unlikely.
I think it is safe to say that you are not in the majority. This would represent a step forward in security for a majority of users.

Last edited by Breakfast with Girls; 09-12-09 at 07:40 PM.
Breakfast with Girls is offline  
Old 09-12-09, 07:51 PM
  #14  
DVD Talk Hero
 
jfoobar's Avatar
 
Join Date: Jun 2000
Posts: 37,812
Re: Feds to Let Citizens Log In With Yahoo, Google, Paypal Accounts

Originally Posted by Breakfast with Girls View Post
A lot of sites with OpenID allow you to choose an alias specific to that site. So you could sign in with your Gmail account to both DVD Talk and a federal website and have a jfoobar appear on your DVD Talk posts. No one except Google is any wiser. And if you are truly paranoid, you can set up your own OpenID provider so only you have access to that information.
So best case scenario is that law enforcement can swear out one warrant to the OpenID provider and find out your account names across a multitude of online sites?
jfoobar is offline  
