Identity Identification and Authorisation


As part of my research I need to look into Amazon.com’s Kindle account offerings. Because of their setup with geographic rights restrictions it’s difficult to set up such an account without a US-registered credit card. Does anyone reading this have an Amazon.com Kindle account who is also available to help us get information about their practices? It’s nothing bad, it’s that we’ve been told Amazon.com provide a “Family Account” with features we’re recommending more service providers should give, but which aren’t available on Amazon.co.uk (and Amazon.co.jp’s account information is mostly in formal Japanese which is a bit beyond me).

A copy of a message I sent to Bugzilla today.

I would like to be able to report crashes on my system using Bugzilla. However, I will not sign up for an account on that service because they violate a basic principle of user privacy, and for no good reason so far as I can tell. They require an email address for people to sign up, but this email address is then visible to all on any bug reports submitted. They “helpfully” suggest that users should use a “secondary” email account to avoid spam on their main account. This is just a ridiculous suggestion. If I wish to make use of Bugzilla to do more than just submit automated bug reports, such as actually track the status of my bug, I’m going to want to use a “push” service to report changes to the bug, and that means accessing the email account I register with them, making it pointless as to whether it’s a primary or secondary account – I’m still going to have to wade through any spam to get at the real contents, and the publication of the email address will pretty much ensure that it gets spammed. Why not follow the more-or-less standard approach of having users select a username which is visible to other users and if it’s really necessary to allow users to contact others for whom they don’t separately know an email address, provide a simple user-to-user personal message system? Since the purpose of Bugzilla is to allow community-minded users to report problems with software to the development community, discouraging them from doing so degrades the whole community effort.

PM on Radio 4 today included interviews with people about the launch of ID cards for “volunteers” in Manchester. A freelance journalist was first in the queue to get one and was interviewed about the process. She reported having to create five “secret” questions and answers (i.e. passwords with mnemonics). The quality of these, represented by her interview, leaves much to be desired: “What is your favourite food?” being the one quoted. There is some very good recent evidence regarding the flawed nature of such questions. These flaws are both false negative (people’s preferences change) and false positive (easy to remember, and therefore not likely to be forgotten, are generally easy to find out or even guess). For example, the answer to “What is your favourite food?” is probably “chocolate” in a large proportion of cases. Next, they discussed the “biometric” elements. Due to having burnt her finger on foodstuff recently (not an uncommon occurrence, I would think) she had a plaster on the index finger they use, obscuring part of the print. Again, this presents both false positive and false negative issues.

Once again, the UK ID Card scheme is shown to be deeply flawed at the most basic level.