Joel on Software: Does Issuing Passports Make Microsoft a Country?
Privacy from Companies
7/27/2000; 7:30:57 AM

'Am I the only one who is terrified about Microsoft Passport? It seems to me like a fairly blatant attempt to build the world's largest, richest consumer database, and then make fabulous profits mining it. It's a terrifying threat to everyone's personal privacy and it will make today's cookies seem positively tame by comparison. The scariest thing is that Microsoft is advertising Passport as if it were a benefit to consumers, and people seem to be falling for it! By the time you've read this article, I can guarantee that I'll scare you into turning off your Hotmail account and staying away from MSN web sites.'

Always read what Joel has to say.

'Now, if you go to another Microsoft web site, say, www.investor.com, the same thing will happen: you'll get redirected to Passport and then back to Investor. Because Passport is "telling on you", even though your web browser is supposed to be protecting your security by following the golden rule of cookies, it's really Passport that is signing you in. Bottom line: Hotmail knows that you're the same person that just went to Investor. And that applies to any Microsoft web site: Slate, Expedia, Hotmail, Investor, MSN, etc.'

I'm not much of a source hacker, but when Mozilla gets released, there's a patch I hope to make. I want to 1. Flat out block ALL use of "window.open" from anything but a click on a link. 2. Always pop up a warning about redirects such as the one Microsoft is currently using for Passport and 3. Eliminate "window.onclose" as an event; that's how people do things when you leave the site. Something tells me those patches could become popular.

(Actually, the ideal solution, which I don't have time to implement, would be to add another layer of security sandboxing, allowing the user to disable specified parts of ECMA/JavaScript and the event model.)
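The redirect flow quoted above, as an added simulation that is not code from this post, from Joel's article, or from Passport itself: each host reads only its own cookies, yet the central sign-in host ends up with one ID tied to every site visited. The `.example` hostnames, the cookie names and the `pid`/`return` URL parameters are assumptions made for illustration.

```javascript
// Constructed simulation; hostnames, cookie names and "pid" are hypothetical.
const IDP = "passport.example";
class Browser {
  constructor() { this.jar = new Map(); }   // one cookie store per host
  cookiesFor(host) {                         // golden rule: a host sees only its own cookies
    if (!this.jar.has(host)) this.jar.set(host, {});
    return this.jar.get(host);
  }
  visit(url, servers) {                      // follow redirects silently, as browsers do
    for (let hops = 0; url && hops < 10; hops++) {
      const u = new URL(url);
      url = servers[u.hostname](u, this.cookiesFor(u.hostname));
    }
  }
}

// Central sign-in host: reads only its OWN cookie, records which site sent the
// user, and returns the same stable ID to that site in the redirect URL.
function makeIdp(log) {
  let next = 1;
  return (u, cookies) => {
    if (!cookies.pid) cookies.pid = "user-" + next++;
    const back = new URL(u.searchParams.get("return"));
    log.push({ pid: cookies.pid, site: back.hostname });
    back.searchParams.set("pid", cookies.pid);
    return back.href;
  };
}

// Member site: with no local session it bounces the browser through the sign-in host.
function makeSite(seen) {
  return (u, cookies) => {
    const pid = u.searchParams.get("pid");
    if (pid) cookies.session = pid;
    if (!cookies.session)
      return `https://${IDP}/login?return=${encodeURIComponent(u.origin + "/")}`;
    seen.push(cookies.session);
    return null;                             // page served, no further redirect
  };
}

function simulate() {
  const idpLog = [], hotmailSeen = [], investorSeen = [];
  const servers = { [IDP]: makeIdp(idpLog),
    "hotmail.example": makeSite(hotmailSeen), "investor.example": makeSite(investorSeen) };
  const b = new Browser();
  b.visit("https://hotmail.example/", servers);
  b.visit("https://investor.example/", servers);
  return { idpLog, hotmailSeen, investorSeen, jar: b.jar };
}
console.log(simulate().idpLog);              // the sign-in host's view of the session
```

A redirect warning of the kind proposed in the post would fire at each hop that `visit` follows silently here.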