News:

PD.com: We're like the bugs in the Starship Troopers movie: infinite, unceasing, unstoppable....and our leader looks like a huge vagina

Main Menu

So what's the deal with online privacy?

Started by Captain Utopia, June 16, 2010, 08:28:13 PM

Previous topic - Next topic
Print
Go Down Pages 1 2
User actions

Cain

#15
June 20, 2010, 03:59:49 PM
Quote from: Captain Utopia on June 20, 2010, 02:52:36 PM
The anti-terrorist forces will find ways to meet their expected quotas one way or another, blaming it all on the vector of discovery seems to be missing the point.

No, you seem to be purposefully overlooking that the vector is entirely central to this thread.  Just because I could root through your trash to find out your credit and purchase details doesn't mean if they're acquired via a company database that this is any better.

But you've already made up your mind there are few legitimate privacy concerns anyway, so there is no point debating it.  Well, not with you.

Triple Zero

#16
July 23, 2010, 10:07:04 AM
Quote from: Captain Utopia on June 17, 2010, 02:30:10 PM
Anyway - I think a crypto-card approach would be a better way to identify yourself to companies which currently use PI as passwords.  E.g. Operator: "Can you press red, blue, yellow";  Me: "Okay, connecting... 2963?";  Operator: "How can I help you today?" etc.  Or a phone-app, which keys against voice/video/whatever.  But if you had a system like that in place, it would hardly matter - in terms of ID Theft as it currently stands (the criminal is never physically close to the victim) - if companies sold your PI or not.

That's why I see companies trading in PI as irrelevant to the long-term problem of identity theft.

This makes no sense whatsoever? Just because you can propose a theoretical solution to a very tiny part of the problem of ID theft (using PI as passwords), the entire problem goes away in the long run?

Specifically using PI as passwords over a phoneline for identification is just a single example of the many, many bad things you can do with stolen PI.

Additionally, even if the formal protocol doesn't involve using PI as passwords for identification, doesn't mean you can no longer use PI as such. If you give the operator the impression you are this person [by using their PI], they may not think to ask for the crypto card anymore.

To prevent that [and many other social engineering attacks], you need to cut out the entire human factor from the transaction--which is impossible where PI is concerned as an attack vector. Because if it was possible, it would literally no longer be PI, by definition. So you're left with solving the PI/ID theft problem by removing the PI. And that is what we call "privacy".
Ex-Soviet Bloc Sexual Attack Swede of Tomorrow™
e-prime disclaimer: let it seem fairly unclear I understand the apparent subjectivity of the above statements. maybe.

INFORMATION SO POWERFUL, YOU ACTUALLY NEED LESS.

Captain Utopia

#17
July 23, 2010, 03:48:45 PM
Implicit in that description is that the operator would need to key in the code provided by the user, in order to access any personal data.

So the operator could not "forget" to ask for the generated code - they would not be able to do any damage without it.
Print
Go Up Pages 1 2
User actions