Thread: Microsoft InfoCard

PCWorld.com Article - Gates Outlines ID Management for Vista, XP

Basically, inside XP there will be a "InfoCard Manager" or something like that. It will have all of your information that you've ever used to sign up for a site, since its purpose is so that you wont ever have to have multiple online aliases online. That means things like your name, your address, your email, and your bank account. Yes, your bank account, because this is going to be used for e-commerce. Also can be used for online banking, so any information you have for loans and such, that'll be on there to. Any website that wants to use it, in fact, I'm sure will be able to. So all those forums that ask you your hobbies, whether you're single, your smoking habits, your sexual preference. It's on there, and your bank will then be able to see it.

Oh, and that's all in your Windows operating system. Doesn't that make you feel nice and warm and cosy inside like the dead of winter with a wide open door?

"Daynah, why on Earth would you want to switch from Windows?"
"Cause I don't have any siblings, especially not a Big Brother."

Supposedly I'm freaking out about this too much. But I'm quite content right now to stick with my Ubuntu and pray that websites don't -require- you to use this.

There's no way I'd use an MS-InfoCard because:

1. It will be a proprietary closed-source technology that will only work on Microsoft Windows. If this technology is adopted worldwide, it has the potential to lock consumers out of using anything but Microsoft Windows + Microsoft Internet Explorer + Microsoft InfoCard to do business online. If InfoCard is not going to be a W3C standard or some other standard that is controlled by an international standards body or is not demonstrably platform neutral (i.e. can run on something like a Mac or Linux), there is no way I'd use it.

2. I see this opening up a whole new bag of security risks; everything from a rogue standalone application that can read your InfoCard without your permission to a webpage that contains a drive-by-download spyware component, that, just by visiting the webpage, silently reads information off your InfoCard and transmits it back to a server, to who knows what. Right now, if someone stores sensitive information on their computer (like passwords, bank account numbers, credit card numbers etc...) it may be in a text file, a document, a spreadsheet, a database, or some other program. Without a priori knowledge and some serious text engineering, it is near impossible for a program to autonomously extract such information because it doesn't know where to look, what format the information is in, how to identify it, etc... But with InfoCard, everything will be stored in a presumably consistent location and format that a program may be able to hack. While an InfoCard may be prove to be convenient, if I were to use it, at the very least, there are some serious security concerns that would need to be addressed, and the technology would have to be mature, and have a proven solid security track.

I have to agree.
If someone manages to crack it, then he will have access to my most private stuff, including my bank account number. No thanks.

I'll remain with Ubuntu, thank you very much, Bill.

Normally I would agree with the sentiments posted here. However, after recently learning more about Windows CardSpace (it's version of InfoCard), as well as learning that Novell is taking the same technology OpenSource for Linux and Mac, I am now truly intruiged. What this means is that this system is not Windows-based or -dependent, rather, it is a new technology that can be implemented by the website developer or provider without having to worry if the user is using a certain technology or not.

I do appreciate the concerns for privacy, as mentioned above. However, if you store your passwords in your browser as cookies, even encrypted cookies, you will be less secure than using InfoCard technology. Moreover, using infocard technology is more secure than using a Username/Password sign-in process on a web-page, since that exposes your username AND password (possibly encrypted, or more likely, not) to potential sniffers and malware.

I will be keeping my eyes open for more info on this technology, especially how it integrates into Ubuntu, and other flavors of Linux, as well as MAC, and Windows platforms. After all, the only point in using this technology is if it is feasable for public web sites without having to rely on users using certain technologies. It needs to work OOTB (out of the box) while providing superior security and placing identity management into the users hands. Plain and simple.

Cheers!
Mike Bronner

Microsoft CardSpace is one instance of the Identity Metasystem, as defined by Kim Cameron. Kim is the Identity Guru from Microsoft. Don't let that fool you, he is responsible for Microsoft freeing some patents on identity stuff.

Kim Cameron also defined the Laws of Identity, that form the basis for the Identity Metasystem. Lots of development is going on. For instance, the open source Higgins project (Novell ea) will be compatible, as is OpenID.

Read all about it at Kim Cameron's Identityblog. Be ware: It will take all your spare time.

I really hope that there will be a low impact linux version of CardSpace. There are already some identity selectors that plug into Firefox, now they only need to tap into a linux CardSpace variant. Bandit anyone?

I have the most secure means of securing my personal info, its called..... My Brain! Nobody can crack it, nobody can read it and nobody can get at my info from it except me. Oh and yes, I do actually remember each and every account I sign up for and its password.

Oh and there is no force anywhere in existence that could posses me to trust a Microsoft (or any other technology for that matter) with my bank number and pin (or any other info, like my full name, address...). None.

This reminds me of what ".NET" was supposed to be when announced in 2000-1. Hmmm.

Originally Posted by starcraft.man

I have the most secure means of securing my personal info, its called..... My Brain! Nobody can crack it, nobody can read it and nobody can get at my info from it except me. Oh and yes, I do actually remember each and every account I sign up for and its password.

totally agree! the only safe way to keep your data secure is keep it off your computer. i would like to see some honest facts and figures from the banking fraternity about how much computer fraud actually goes on, obviously they don't advertise their data and account detail thefts, with the rise of identity fraud, peoples personal info is worth big money now. there will be methods created to bypass any security layers sooner or later. will ms, or whoever, compensate people if due to their infocard software being compromised, they lose money?

I can understand the reasoning behind it...to allow folks who surf and purchase over the web not to have to remember tons of logins and crap.

But, it's like letting the wolf guard the hen house. You'll have all these folks relying on this technology to enable them to remain oblivious to what their computer is doing, then some hacker type will create some program to farm user info off their computers with a trojan or something. If you put all your eggs in one basket, it's just that much easier for a criminal to steal all your eggs.

Didn't MS try something like this before with their stupid MS Passport idea?

why would somebody want to use something like this? I don't even write down anywhere in my pc my passwords...not talking about bank accounts and stuff...
I have a pretty good memory and until, proved contrary, it's the hardest thing to crack in the world