More Identity Sunday

I found a neat little site called through a good blogger and Mac enthusiast Christine Cavalier over at  Christine contributed a good segment on an upcoming episode of Typical Mac User.  So I went to check out her blog.

You will see on her and now my page on the right hand side a button for a card.  This lets a nice popup business like card come up.  Links to all the various social services and my professional associations are consolidated all into that card.  Pretty neat.

You can embed it onto your web site like to the right or into html based email as a signature etc.  

It is interesting how self referential all these identity sites become.  Once I made my retaggr card, I then went and put a link to it at claimID.  And of course on the card is a link to my claimID profile.  You get the idea.

Hashing Identity

So I was glancing over at today and saw the article:Airline captain, lawyer, child on terror ‘watch list’ on several definitely not terrorist folks on the terror watch list just by their name.

So let me get this straight. Our government security officials are so clever they cannot come up with better control than a simple name is either on the list or it isn’t? How about taking these folks who are OBVIOUSLY not terrorists. Gather some basic but private facts about their identity. Hash the information together. Then when these folks travel the information they provide quickly when a flag is raised is rehashed and if it matches let them go on about their business. If enough basic but not easy to obtain answers are gathered then it should serve as a much speedier check to let the person go on without risking a terrorist simply farms public facts about someone with the same name.

Identity Sunday

Well one of my fellow Friends in Tech members, Steve Holden coaxed me into setting up Friend Feed.  It lets you consolidate all your major social networking services into one feed for your friends to follow.  Mainly I did it just to reserve my name on it for Identity purposes.  That in turn led me to update my claimID page and a few other things like my 2idi (iName) link redirections.  If you want to see my friendfeed page just click the “My Social” link in the top right.  Notice the link is not the actual friendfeed page but my iName XRI formatted url redirector.  That way if I decide I want to move from Friendfeed to something else I can just update my iName redirection link and everywhere someone linked to the XRI formatted link they always go to the current service I am using.

It got me to thinking that it would be interesting to see a merged service of ClaimID and Friendfeed.  Also it really makes me wish applications like skype, IM clients and email clients like Apple would recognize iNames.  Just think if you wanted to skype a friend and not knowing their real skype name you could just type like =starcher and have it go query their iName provider for the correct name.  I bring this up because as I slowly transition the old name out of existence to it would help me hide the old starinfosec name in use on things like skype when telling folks how to find me.  I mean how hard would it be for skype to parse =starcher go to my iName provider and look for a defined skype service to tell it my real skype name as I defined it.

Oh well here’s hoping it just starts catching on.  I think if enough developers simply added it that it would turn into a slow burning ground fire.  Even if most users didn’t know the support was there till the first time a friend tells them to just type my name as =myiName.

Zip Code Annoyance

It seems everywhere I go these days the stores and restaurants pester you for your zip code.  Granted it is better than hitting you up for your phone number like they did the past few years.  But I decided today to start running a test.  I am going to give out 55544 instead of just declining.  That it an invalid zip code.  Let’s see how many places do real input validation on what the person enters into their system.

Loss of Laptops – Negligence on whose part?

I am completely disgusted by a local event here in Tennessee. Two laptops were stolen from the Davidson County Election Commission over the Christmas holiday. They likely held 337,000 identities including the SSN, name and address of registered voters. You can read about it in the Tennessean article.

1. Why on earth was there no alarm on a building associated with election records? A rock through a window and two laptops vanish?!?

2. Why on earth were two laptops with such data left outside a safe? Surely such backup units are regularly stored in a secure location.

3. Why on earth were they not equipped with encryption?

So who is to blame? The user/custodian of the laptops? The physical security contractor? The IT department?

It comes down to what are the policies in place. After all IT in government and business alike only can do so much if management is not forced to provide funds and resources to meet the policy. If the policy did not exist then I recommend the council members should consider resigning themselves. If the policy was in place fire the IT head. the physical security head and terminate the contract of the physical security vendor. That should send a message of accountability. It should not be a surprise to these people that such information which is required to achieve the electoral mission would be at risk without proper measures.

Identity Tidbits

I am sure everyone who reads online articles, blogs etc has seen the talk about Facebook being used to gather data for Identity theft. I stumbled onto one little tidbit. Amazon. Would you believe that your birthdate (minus year) and email used for your Amazon account shows up publically to everyone by default?

You should log into your account. Click Yourname’s Amazon the click the “Your Profile”. Make sure to edit it and change your email and birthdate lines to show for you only. Then on the right side do the view page as seen by Everyone. I sure hope I accidently set that and it was not Default.  If it was default Amazon ought to be ashamed.

Amazon Profile

Exploring Identity

I have been playing with various technologies like openID for the past few days. If you look to the right in the sidebar you will see a link to a couple of things. The “Contact Me” is an iName link to a Contact page. This helps reduce spam since the contact page is a web form. iNames also help provide an abstraction layer on URLs. So if you want to link to your blog you might use then if you ever move your blog from one web hosting service to another you just update the iName forwarding and everywhere you posted your link the readers can still find you.

Below that you will see the link to my claimID page. ClaimID is where you pull together all various pieces of your online identity. Everything from web page links related to you, email addresses and openID providers.

openID is way to give you authentication and other services to sites that support openID. These are called openID consumers. Most likely you have an openID already and do not know it. If you use AOL IM or iChat then you have an openID URL you can use with OID consumers. You can check out my post on that over at Typical Mac User.

We are playing around with the wordpress plugin for openID. If we can we will be adding support to our various blogs of the Friends in Tech members.

Lastly I added a service called Grand Central when I got a beta invite from Victor over at Typical Mac user. It is also an abstracting layer like iName. But it lets you abstract your phone numbers. You pick a number out and then tell the service all your other phone numbers. This is great if you have to leave a number with someone while you travel. One number and they can reach you at any of several numbers you might be at.  You can even program in rules.  So family listed in the contact address book get forwarded to your cell phone while any other caller might go to voicemail.  It does this based on matching caller ID.