On CBS.com: Sexy women of CBS
BNET Business Network:
BNET
TechRepublic
ZDNet

June 30th, 2008

Could some uses of OpenID create a large privacy issue?

Posted by Tom Foremski @ 10:50 pm

Categories: Internet 2.0

Tags: DNS, VeriSign Inc., Privacy, Domain Name, OpenID, Domain Names, Security, Networking, Internet, Tom Foremski

I just finished a news story about VeriSign’s (NASDAQ: VRSN) secure OpenID services chosen by Microsoft for HealthVault users. The story discusses VeriSign’s DNS services and its OpenID services and asks if this is a problem or a feature. Is this a possible privacy issue or could the two technologies be used to strengthen OpenID and encourage its use.

- Could there be a Potential Privacy Issue with VeriSign’s OpenID and its Internet Directory Name Services?

VeriSign assured me that there could be no collusion between its OpenID and its DNS services. It said it has strict privacy guidelines to protect users.

[Here is a crowdsourcing opportunity: I haven’t checked VeriSign’s privacy policy to see if there is specific wording that would exclude such a business.]

But consider this:

- VeriSign operates the Internet’s “telephone directory.” It runs the Domain Name System (DNS) servers. Every time your web browser pulls up a website it consults a VeriSign DNS server to find its location. It’s a huge number of queries. [ The Domain Name Primer]

During the 1st quarter, VeriSign processed loads of more than 50 billion Domain Name System (DNS) queries per day, with each query representing an instance of an Internet user accessing a Web site or through sending email. The VeriSign DNS continued to maintain 100% operational accuracy and stability throughout 2007 - just as it has for the past decade.

The VeriSign Domain Report – June 2008 >>

- Every OpenID is also a URL that means the use of OpenID naturally requires the services of VeriSign’s DNS.

VeriSign could track all OpenID use and use that information to strengthen OpenID and help prevent others from criminally exploiting OpenID.

But tracking OpenIDs would not sit well with many Americans. US Internet users don’t like the idea of tracking anything more than their FedEx package let alone their OpenIDs.

There is a bigger issue here than identifying or tracking one Internet user. OpenIDs are used to reference specific personal networks of contacts, content and communications. Tracking an OpenID could potentially do more than provide a name, - it could help identify each person’s complete networks of friends, families, colleagues and their comments, blogs and communications. Currently a lot of that information is kept by the social networks such as MySpace, Facebook, Google, Yahoo, AOL, etc. Maybe it’s better to keep things that way rather than use OpenID.

Let me know what you think.

Could OpenID open a Pandora’s box of privacy issues that extend beyond an individual and affect large groups of people at a time? Especially if DNS systems were to be used to help strengthen security and authentication.

Tom Foremski reports on the business and culture of Silicon Valley and beyond. And also blogs at SiliconValleyWatcher.com See his full profile and disclosure of his industry affiliations.

  • Talkback
  • Most Recent of 2 Talkback(s)
RE: Could some uses of OpenID create a large privacy issue?
I hate ZD net

I wrote a very long reply, illustrating why this is not a concern because of the way DNS works, and the way OpenID works.

ZDNet asked me to create a user account before I c... (Read the rest)
Posted by: anon8mizer Posted on: 07/02/08 You are currently: Logged In | Log out
I don't think so. Brendan Moon   | 07/01/08
RE: Could some uses of OpenID create a large privacy issue? anon8mizer   | 07/02/08

What do you think?

3 Trackbacks

The URI to TrackBack this entry is:
http://blogs.zdnet.com/Foremski/wp-trackback.php?p=284

  • OpenID — What is it Good for?
    A strange thing often happens when I write. I sit down thinking about the structure of a news story or a news analysis and I often come up with different ideas and thoughts. I often find that I "think" through my fingers as I type. ...

    Trackback by BoaMethod.com — July 1, 2008 @ 11:42 am

  • OpenID -- What is it Good for?
    and thoughts. I often find that I "think" through my fingers as I type. This evening my fingers have been writing about OpenID and VeriSign: - Could there be a Potential Privacy Issue with VeriSign's OpenID and its Internet Directory Name Services? Could some uses of OpenID create a large privacy issue? | Tom Foremski: IMHO | ZDNet.com As I've written these pieces I've started to question some of the basic ideas and concepts that surround OpenID and DNS. It increasingly seems to me that OpenIDs benefit social network companies that don't have many users. While OpenID users could

    Trackback by Anonymous — July 2, 2008 @ 3:09 am

  • CPR for Tuesday, July 1, 2008
    Face recognition among tools to guard technology By David Canton “As long as the passkey is kept secure, the encrypted data cannot be viewed in ‘plain text’ format, even if intercepted,” commissioner Ann Cavoukian says. ...

    Trackback by Canadian Privacy Roundup — July 3, 2008 @ 3:42 pm

Essential Topics Click Here

Business Productivity Center

advertisement

Recent Entries

advertisement

Archives

Favorite Links

ZDNet Blogs

All-in-One Printers

advertisement
Click Here