Slashdot is powered by your submissions, so send in your scoop

 


Forgot your password?
Close
typodupeerror
×
Privacy

Thoughts for Thawte's Personal Certificates? 9

Posted by Cliff from the scouring-for-opinions dept.
ShadowMaster asks: "Does anyone know (or had experience with) dealing with Thawte personal certificates. They are offered for free by Thawte, but I cannot find any reviews or consumer feedback on the matter. They ask for some interesting private information (SSN, DOB, etc.) so I was just curious if anyone has had any problems with the service, or if they are truly on the level." As most of you are aware, you have to be very careful what information you leave online these days. Does Thawte do their part in keeping what information you do give them out of third party hands?
This discussion has been archived. No new comments can be posted.

Thawte Personal Certificates? More

Thawte Personal Certificates?

Comments Filter:
  • I've used them for about two years now to sign my important email messages and it works great. As someone else put it, you are only as good as your weakest link -- this certificate only certifies that it is the same person sending the messages. If you want it to certify who you are, you have to build a "Web of Trust" by basically getting a notary, CPA, bank, etc to certify who you are.

  • Re:SSN not private... (Score:3)

    by Kefaa ( 76147 ) on Friday June 08, 2001 @08:40PM (#165063)
    I spoke with the SSA and as they put it, Congress is a little far behind on this one. The law, as stated above, is businesses cannot force you to give your SSN. However they do not have to provide the service, equipment, etc. if you do not. [Color me vague here but does anyone see a difference but a lawyer?]

    BTW - SSA answered their phone in 4 rings, no queue, AND the person was friendly with information. Bonus them +2...

  • Fishing licenses are issued by the government, albeit a state or local authority... its still government. Just as an FYI.

    Same goes for your drivers license, birth certificate etc...

  • yes, however the people who handle it aren't even government employees, they just happen to work at a business authorized to issue fishing licenses (unless you actually walk into a government office to get the license, but most people don't)
  • except they should be "state secrets"
    they're desiged specificaly for FINANCIAL authentication
    unfortunitely their use has gotten out of hand
    it is actually against federal law for anyone to requier you provide them with your SSN if they're not your employeer or banker or the government, unfortunitely this is not enforced, and so it's used even for fishing licenses!
    the problem is, if someone gets your SSN, they can steal your identity entirely
    get a birth certificate, drivers license, credit cards, access to your bank accounts, etc.

    you NEED to keep the number secret and not give it out
  • What I'm saying is that since what regulations there are haven't been adequately enforced, it's not prudent to use it as an authenticator even if you are a bank or the government. IOW, the cat's out of the bag, and we need to just realize that. BTW, your only recourse against a private business that wants your SSN (absent specific state or local law to the contrary) as a condition of doing business is to take your business elsewhere. The Privacy Act of 1974 (federal law) only constrains what government agencies can do. Am I happy with that? No. Can I acknowledge the reality that someone even mildly determined can have my SSN and DOB in under half an hour? Yes.
  • The law, as stated above, is businesses cannot force you to give your SSN. However they do not have to provide the service, equipment, etc. if you do not.

    So, in other words, a business effectively can force you to give your SSN. For example, your electric utility wants your SSN. They can't force you to give it, but if you don't, they don't have to provide electricity to your home. That's a pretty good hammer they have there. (N.B., my utility companies provided service without an SSN, but required a deposit, on which they paid 8% interest, heh).

    The SSN FAQ [cpsr.org] goes into some detail on the business question, and states that "Private companies aren't required to follow this law [the Privacy Act], and in general your recourse is to find another company to do business with if you don't like their policies."

    I'm gratified to hear the SSA answered your call quickly and courteously. It's all too uncommon in both enterprise and government anymore.

  • Thawte was purchased by Verisign awhile back. While I'm not sure whether that helps or hurts our ability to trust them, bear in mind that SSN + DOB aren't exactly state secrets anyway, and the sooner we quit pretending they are, the sooner people (like those at our banks) will quit using them to authenticate us. I've had a certificate for some time, having even gone to the trouble to gather trust points from one Thawte notary. I need to finish the job sometime.
  • Believe it or not, the phrase "Thawte Certification Practice Statement (?CPS?)" appears in their privacy statement! Soon they'll slip in "Thought Certification". ;-)

Slashdot Top Deals

Suggest you just sit there and wait till life gets easier.

Close