Helping Surfers Sidestep Site Registration

netbuzz writes, "PrefPass, a startup debuting at DEMO today, is looking to do for the onerous Web site registration process what Amazon has done for shopping: one click and you get the goods. If it catches on, sites requiring full registration may feel the heat." Looks like sites will have an incentive to implement PrefPass; it's not antagonistic to their interests in the way Bugmenot is.

Attempted before?

[daveschroeder]

Hasn't this been attempted before, with the likes of PassPort, and other numerous "universal" single-signon type things that have attempted to partner with commercial sites, and so on?

It says it's different from PassPort, and I agree, but I fail to see why this would have any more success.

Re:

[hal2814]

I'm not even sure I agree that it's different from Passport from the user's perspective. You still have to join and sign in to PrefPass to use it. And then from the site's perspective, it looks like you'll get less info than you get from Passport. Sounds like a situation that benefits noone and hurts the ones who pay the bills for PrefPass.

Re:Attempted before?

[MBCook]

If you read the article it explains the difference. While Passport is a full login (that can hold things like Credit Card numbers and such) this just holds information about what you like and your name, stuff like that. For all intents and purposes you are still anonymous, but they can customize content so that you are more likely to read it using the information you provide.

Compare that to Passport who is basically giving a site a biography on your if you use it.

Re:

[mastergoon]

I'm not here to plug on my own site, especially because I don't even really maintain it anymore (no time or interest really), and there are probably other, better solutions out there. However, I will mention it because what you are saying is what I was trying to do.

I'm talking about MyUID [myuid.com] [slashdot article [slashdot.org]]. I set up a site where you created a profile, which could be read over sites that participated in using our API. You specified what public information you wanted to provide, your privacy was up to y

Re:Attempted before?

[KillerCow]

this just holds information about what you like and your name, stuff like that. For all intents and purposes you are still anonymous

I think that your definition of "anonymous" is different from most people's.

Re:Attempted before?

[John Hasler]

anonymous@example.com is a member. His "fav" site is www.example.com

Re:

[Red Flayer]

It's the one-click feature -- no userID, no password.

Basically, one aggregate cookie for each person that displays (limited to PrefPass participant sites) browser history. The reason this works better than Passport for a lot of sites is that the website is provided with marketing info, not just a validation of the user. So the participating sites don't need to request the info, they don't need to worry about storing the info (if they do so to make sure non-cookie-accepting-visitors still get tracked), et

Re:

[TubeSteak]

Basically, one aggregate cookie for each person that displays (limited to PrefPass participant sites) browser history.

Which means PrefPass gets to track all your browsing @ PrefPass sites & sell/info-mine that aggregate data.

They aren't doing it out of the kindness of their hearts.

Re:

[irc.goatse.cx troll]

Hopefully it will fail the same way. What we need is public key encryption used for authentication over http. The "single signon" should be authenticating to the agent in your browser which should get you instantly logged in to any site that accepts your public key.

Re:

[smitke]

Mod Parent Up

Re:

[johntash]

There's an interesting idea.

Re:

[irc.goatse.cx troll]

Thanks, I kind of rushed to post as I was in a hurry, but I'll elaborate a bit further on this now.

Doing it this way provides full "single signon" features that passport offered without ANY dependence on a third party being available and playing nicey with competition. The only downside is you'd need your key with you at all times, but with the price of usb thumbdrives I don't see that as much of an issue if done right, and you can always keep normal logins as backups.

On top of that you can also use this to

Re:

[Flendon]

I disagree that a lot of people wouldn't mind. A lot of nerds wouldn't mind this, but the Average Joe would. Sure, Joe will love this when he first sets it up. The first time he tries to use another computer and has to remember his normal login that he hasn't used in a year he will be pissed, you can't expect him to remember 'password1'. And what about when his hard drive dies and he has to rebuild his box, he doesn't know how to do a backup you know. I know, I know, you said thumbdrives; thumbdrives are gr

Re:

[quiddity]

Yup, see Typekey.com [typekey.com]

Re:

[plover]

RTFA. This isn't for "full signup" sites, this is more like a cross-site cookie. The idea is they don't ask you to register if you're just trying to read something. The idea for the host site is that they'll be able to target (ads|pages|search results) to you based on your whole surfing history (*cough*google ads*cough*) not just that site. As a "bonus" to you, the surfer, you won't have to do anything and the host site could store your preferences (font choices, colors, etc.)

Re:passport?

[jjeffries]

I know it's weird, but...

I love the way you say "passport".

C'mon, won't you say it again?

mmmmmm.... passport... it's just such a beautiful word...

passport...

passport!

Re:

[Solra Bizna]

Until the "A computer matched him with her?" line. -_-

-:sigma.SB

No

[Aqua_boy17]

I thought that's what AC's were here for?

Re:

[Goaway]

You really are making the GNAA look unprofessional with that horrible grammar and prose that reeks of overreaching your abilities as a writer. Here, let me fix that for you:


In a self-congratulatory press conference described by one historical analyst as being "worth 10 Dresdens", the now world-famous egalitarians of the Gay Nigger Association of America announced to the world press that their highly successful open source "LastMeasure" project has now reached over one hundred thousand homes across the world

Don't the sites want the demographic info?

[khasim]

I thought (correct me if I'm wrong) that the reason those sites want your age / sex / location was for demographics (for marketing and such).

If they just want to personalize your page, a cookie should be sufficient.

So, if this tool allows me to login to multiple sites, but with faked info, I don't see the sites going for it.

Re:

[$RANDOMLUSER]

The demographic info decides which ads you are shown as you navigate the site. The sites make their ad revenue based on views/clicks by the "right kind" of eyes.

Re:

[kfg]

So, if this tool allows me to login to multiple sites, but with faked info, I don't see the sites going for it.

This tool does not help you log into the NYTimes by providing their registration process with fake info. It helps you log in to sites that have opted in to the program and agreed to take less info about you during registration.

Sites obviously don't want fake info; it doesn't simply affect their interactions with you, very small amounts of fake info can completely fuck the validity of the statistica

Porn. Lots of porn.

[khasim]

Anyway, the information the sites get with which to target advertising and play with numbers is your history of browsing participating sites. Go to L.L. Bean and they know you're a potential Land's End customer, but probably don't have much interest in Deb or The Limited.

And the flaw with that approach is that many people will not want many of the sites that they go to to be known (and indexed) by what is basically an advertising agency.

Now, if you could maintain multiple profiles that would NEVER cross, th

Re:

[kfg]

And the flaw with that approach is that many people will not want many of the sites that they go to to be known (and indexed) by what is basically an advertising agency.

Well ya don't exactly see me rushing to be first in line to sign up, I can tell ya that.

Now, if you could maintain multiple profiles that would NEVER cross, this might be a good idea.

Hotmail.

They're going to have to provide me with some more service than just centralizing my fake name and fake email address.

See? Ya got the idea already.

KFG

Re:

[dhollist]

Isn't it plausible that your "anonymous" Hotmail accounts / multiple profiles could be cross-referenced by your IP address? Since ISP records are increasingly making their way into the public domain [securityfocus.com], such cross-referencing would seem inevitable.

Just like cell-phone records are now commercially available, it's probably only a matter of time before someone starts selling databases that cross-reference IP addresses to online account aliases.

Re:

[kfg]

Isn't it plausible that your "anonymous" Hotmail accounts / multiple profiles could be cross-referenced by your IP address?

Nothin's perfect. Wait'll ya see the unauthorized biographies that start getting written about 20 years from now.

KFG

Re:

[fritzk3]

I thought (correct me if I'm wrong) that the reason those sites want your age / sex / location was for demographics (for marketing and such).

Silly me. Here I was thinking that when sites asked me for A/S/L, it was because they wanted me to have cybersex with them!

I guess this just doesn't have quite the same effect:

Site: ASL?
Victim: 24/F/wherever
Site: Want some ads?

To Hell with What They Want

[PopeRatzo]

I could not care much less for what sites want when they try to collect my demographic information. More often then not, it is directly the opposite of my own desires and preferences. I go to a site to read an article, check a price, or a score, or the day's news. I will look at an advertisement under protest, but I will not willingly give them ammunition to bother me outside of my interaction with their site.

When a site asks for my personal information just so I can see their advertisements on my way to reading the morning's news, I have no problem at all about lying to them. I give a fake name, a fake zip code and a fake email.

If they require an email authorization, I use a spamcatcher account that is created with fake information.

Since when are we required to acquiesce to the wishes of the corporate world just for the privelege of purchasing and using their products? Since when do I have to provide correct personal information just to get the day's weather forecast?

It's the same thing when I go to a Best Buy or Radio Shack and they ask for my zip code or last name. Maybe down the line if they figure out that people are lying to them they'll stop asking.

I'm starting to believe that the next few decades will be marked by the traditional business/customer relationship being replaced by a much more combative, adversarial interaction between the individual and the corporation. It will be to nobody's benefit, but it seems that there are few ways to discourage real assholes. I'm sure those of us who still believe in the primacy of the individual and privacy in general will become inventive in coming up with more ways to thwart these "business" people who believe they have ownership rights over our lives. It's time to balance the scales a bit, I think.

Re:

[thejake420]

Ok, so then by that logic you get a site like /. where there would now be a huge database of fake people, making the page load times increase becuase of all the useless info in the DB. then when a site sends a useful bulk email (not referring to /.), 50,000 of them bounce. That's 50,000 people that don't know that their service/script (whatever it may be) needs to be updated to avoid an attack or something. Then... because a free mail service like Hotmail sees 50,000 bounces from a domain, they flag it as s

Re:

[DreamerFi]

they're both at fault

Really? How is it my fault that their business model doesn't work? Is it my obligation to make sure that whatever business model a web site works out is actually going to work and make them a profit? Is it my obligation they make a profit?

Is it really my fault for not wanting to bend over, anal lube conveniently nearby?

Re:

[kthejoker]

Why do people insist on treating the producer / consumer relationship as a one-way street?

"Since when are we required to acquiesce to the wishes of the corporate world just for the privelege of purchasing and using their products?"

That's called the free market, buddy. Don't like Company X's practice, either go find Company Y or start Company Z. Otherwise, they can do as they please, and you can either play by their rules or go home.

Also, I love how you sarcastically use the word privilege, when in fact you'

Re:

[Cervantes]

More often then not, it is directly the opposite of my own desires and preferences...
When a site asks for my personal information... I have no problem at all about lying to them. I give a fake name, a fake zip code and a fake email.

I think I may have found out why your advertisements don't always match up with your desires and preferences... ;)

Submitted by NetBuzz?!?!

[Anonymous Coward]

Do you need a bigger red flag that this is a submission by the company itself or a PR company working for the company?

Edit! You're editors! Use your noodle!

Re:

[Verdict]

Note that the submitters email address is "@nww.com" which resolves to networkworld. How much does it cost to get your product listed on slashdot these days?

Re:

[zIRtrON]

This post made me actually check who the submitter was - usually I'll read a few comments and get the gist - however that is rather sheepish. And now I'm thinking how this friend/foe stuff works on /. - I think it could do with a bit of a re-write. If a PR company is going to post something and waste all of our time to feed the machine and get stats, the submission process should take into consideration past sumbissions, simple poll from comment writers along with comment (did you visit the submitter's s

Moo

[Chacham]

PrefPass lets you grant any site a Pass to access your anonymous Prefs with one click. That's it. So whether the site wants to personalize their content, their recommendations, or their ads (this is a big one, helps the site make more money), they can ask you and you can say yes or no.

Interesting. Implementation should be interesting though.

Registration for what?

[TheWoozle]

I hate sites that require registration to access "free" content. Either publish your content to your "free" website, or charge me for it. I shouldn't have to tell you anything about myself to get access.

I know I'm jaded and cynical, but how much of the information that is entered into web site registration pages is genuine, anyway?

Re:

[sulliva]

Valid info?? I don't even give cashiers the right zip code, when they ask me for my zip at a local store to get their marketing flyers out.

Re:Registration for what?

[windowpain]

When the checkout chick at Linens 'n Things asks me for my phone number I always answer, "What's the use? You'll never call me. You never do. I wait by the phone night after night hoping and praying but it never rings. Stop teasing me."

oh well, fake registration...

[gd23ka]

But when I do let you know something about me, then know that even though I'm a high school dropout
I am also a 22 year old 5"4 athletic blonde female and I just love the sex older men can give me and I'm
interested in dating and romance. I like Billy Graham, Zachariah Sitchen but I hate Prince Phillip and
I earn more than a hundred thousand dollars a year working as a pharma whore.

Re:

[daeg]

It doesn't matter to the websites what info you give us. In fact, your fake information helps us more than your real information? Did you say you're 80 years old? Awesome. The stats are skewed similar to the way that election polls are. Certain groups are known to be under-represented so the information is skewed appropriately. While not entirely accurate, it helps.

Again, the websites that pull the info generally couldn't give a shit about your info. The advertisers do, though. Enough people provide real in

Re:

[Ken D]

"in exchange look at our advertising"

I never agreed to that.
Remember newspapers? I can read a newspaper without ever seeing an Ad anywhere but in my peripheral vision.
You can't make me look.
I won't look.
I won't even let me browser fetch your ads.
It's just wasted bandwidth for both of us anyway.

Re:

[daeg]

Late reply, but your comparison to newspapers is wrong: if you're reading a newspaper, someone, somewhere, paid for that piece of paper with that writing on it.

Re:

[InsaneGeek]

Actually it's not "free" content, you are paying for the content with advertising information. Just like Google, yahoo, MS Live, etc are not "free", you are paying them with your personal information which they then will sell to others. They don't have signups, cookies, etc just for annoyance and nobody ever looks at them, that data actually pays for the content.

Re:

[klenwell]

The biggest nuisance with registering for new sites for me is coming up with and managing new passwords.

I just use mushpup (http://mushpup.org/ [mushpup.org]) for that. If the site has a profile page, all the better. I'll list my password (notationally) there. For instance, my slashdot password:

m{this.site}

Then, yes, if they need more info, just make it all up -- unless it's a site I really trust or like. Don't need to be centralizing all my data with a new startup, thank you.

Tom

Re:

[hankwang]

I hate sites that require registration to access "free" content.

What's even worse is if they let in the search engine spiders (Googlebot etc.) but require registration (and sometimes even payment) from human visitors. Whenever I encounter such a site, I report it to http://www.google.com/contact/spamreport.html [google.com] as a cloaked page. If enough people do this, maybe Google will do something about it.

PrefPass for PrefPass

[MojaveHigh]

Can I use PrefPass to avoid registration for PrefPass?

Re:

[WoLpH]

They invented BugMeNot [bugmenot.com] for that ;)

Bugmenot link?

[paulproteus]

For some reason, the article omitted a link to bugmenot [bugmenot.com]. There's a Firefox extension [roachfiend.com] that automates the process.

If you don't know what this is, it's a user-maintained list of usernames and passwords for sites that "bug" you for registration. Some sites block Bugmenot-listed usernames and passwords but most don't.

Re:

[elrous0]

I thought the bugmenot extension for Firefox stopped working a long time ago. It hasn't worked for me in almost a year.

-Eric

Re:

[dtietze]

You don't need a FF extension. BugmeNot provides a "Bookmarklet" which you can simply drag to your toolbar folder and click on to open a small BugMeNot window. The advantage is that it's no depenent upon the extensions API or any extension maintainer. Look for "Bugmenot Bookmarklet" on their homepage.
I've been happily using that for quite some time now.
D.

Great! Until it's hacked, that is...

[Gryffin]

This should be a real boon to identity thieves.

Putting all your eggs into one pasket just makes it easier for someone to steal all your eggs. Won't people ever learn?

You may wish to RTFA...

[Penguinisto]

Umm, unless your email addy and bookmarks list is enough for someone to take out credit in your name, I sincerely doubt that...

I honestly don't see an easy way for spammers to cull this thing (unless they bust into the PrefPass servers, I suppose).

/P

No password?

[CurbyKirby]

A Web-based service, the PrefPass registration itself requires only two pieces of information from a user: an e-mail address and the URL of a first Web site or feed in which the user is interested.

So if you're only identified by an already public identifier (that being your email address), what's to prevent people from messing around with other people's preferences? Cookies can be lost by the legitimiate user and spoofed by an attacker. IP-based filering doesn't work for different users behind a common firewall. I wonder how they can get by without some sort of password. I wish they had a technical FAQ to go along with their press release.

Re:

[quick_dry_3]

the prefpass registration only requires an email address, but logging in requires email + password - it is right there on the front page: http://prefpass.com/ [prefpass.com]

I assume they'd just generate a password and send it out to you.

No surprises here

[rts008]

Just another vehicle to serve up even more advertising.

FTA: "In exchange, users agree to let PrefPass sites access their pref lists, thus allowing them to customize the experience, as well target advertising to the user."

I'll stick with BugMeNot, thank you.

I've used this...

[ArcherB]

I used this back when it was called BugMeNot [bugmenot.com]

I miss Gator.....

[rueger]

You know, as evil as it was, I really liked Gator for one thing - it did a pretty good job of autofilling forms. Like all good software it Just worked without a great deal of hassle.

Re:

[Larry Lightbulb]

What you need is http://www.roboform.com/ [roboform.com]

Identity URL

[hey]

Why not do identity but saving a vCard at a certian URL on your public website.
Sites that want logins can just as for your vCard URL. You have have several, they are unique,
you decide what goes inside. Startups can make tools for mananging them.
Nice.

Wrong Name for it!

[misterhypno]

PrefPass should be something like PassTheInfo, HandItOverToHackers or, maybe TARGET.

Because that's what it's going to become if the public and the corporations actually start using this thing.

One Big Target. Hackers start your engines...!

Lee Darrow, C.H.

Antagonistic?!

[suitepotato]

Looks like sites will have an incentive to implement PrefPass; it's not antagonistic to their interests in the way Bugmenot is.

What is antagonistic is requiring people to give full legal names, addresses, phone numbers, email addresses, shoe and genital sizes, blood type, genetic write-up, and winning lottery numbers for the next five years. Okay, so not as much as all that but you do feel that way, don't you? In this age of spam and violations of promises stated on these websites that you will not recei

Would this work for PB?

[codehead78]

I had thought about this kind of thing as a way for the MPAA to fight the Pirate Bay. If they provide a way to access PB torrents, through RSS or something, PB would lose ad revenue. There would be no signup, just view and access torrents posted on PB without the ads. Maybe put in some movie preview torrents (also hosted by PB) to get more people into theaters.

I'm sure there are safeguards that check ips before you can join a torrent so I'm not sure if this is even viable. It was just a thought.

Help Spammers Sidestep Site Registration

[dananderson]

I run a community bulletin board and believe me it get's a lot of robots (probably from zombie systems) sending spam. Registration greatly reduces this spam. Much as I dislike registration, I think this may be helping the spammers and reduce the availability of message boards.

Re:

[funfail]

Why not just requiring to answer a CAPTCHA while posting?

What's the point?

[haggie]

It's like asking a customer's name before you let him/her in your retail store. They don't have to tell you the truth, you'll let them in no matter what name they use, there is no useful purpose for the information, so all you've done is annoy your customer.

the real difference is of course...

[CDPatten]

MS was behind PassPort and anything MS is evil amd bad... right guys?

OpenID

[Anonymous Coward]

What is the difference between this and OpenID http://openid.org [openid.org]?

My Thought...

[Kaenneth]

There could be a standard HTTP header field defined.

Call it 'X-Demographics'

Contents would be of the form

"X-Demographics: Age/28, Location/Seattle, Sex/Male, Occupation/Programmer"

All free-form and user selected, with browsers offering a dialog where users can set common information, and choose when/where to send it.

Servers must not require the info, and must accept invalid data without dying ( "Age -1/Location The Moon/Sex Yes Please" ) but if provided, they can customize their content/advertising.

Sure, users might deliberatly provide false data, but they would do that anyway with a 'log on' form; and if you don't want to provide it, you don't (default in a browsers should be nothing sent without user approval) and browsers should be able to control which sites get sent what data. Even a simple mechanism, such as the first time you visit a site, do not send data, but if you return to the site later, then send it.

Details of parsing are trivial (I know, not really), once a standard basic layout and header field name is chosen, I'm going for something like the 'Accept:' field format.

I don't mind reasonable advertisments, but as an example, as a guy, I really have no interest in tampon ads, and I doubt the tampon companies want to spend their advertising dollars on me.

Is it just me.... or is it Gator again?

[thanq]

Doesn't it really do what Gator was supposed to do - store your address and personal information to use it on registration forms?

Blah....

Re:

[Shadyman]

Doesn't it really do what Gator was supposed to do - store your address and personal information to use it on registration forms?

...And report usage statistics?

Which is antagonistic again?

[Baloo Ursidae]

I'm sorry, when did giving the finger to someone who wants your email address, name, age, and set a dozen cookies suddenly become antagonistic instead of protagonistic? Woudn't the people wanting all kinds of info for a web article the ones being highly antagonistic?

Sxip?

[deanlandolt]

Doesn't sxip [sxip.net] already handle this simple little task? Gracefully, and as an open standard, no less.

Mailinator

[cs96and]

Whenever a site asks me to register before I can access content (and I don't mind my username/password being made public), I use http://www.mailinator.com/ [mailinator.com]. You basically make.up.an.email.address@mailinator.com, and then head over to the site, type in your made up email address, and it shows you the last 5 (probably spam) messages it has received. Of course its totally unsecure (but that's sort of the point), so be careful what you use it for.

Anonymous but for how long

[rednuhter]

Anonymous but for how long ?
1. Give PrefPass your email address - they assign you a unique ID
2. Visit vendor, PrefPass system passes you PrefPass unique ID
3. Vendors site gives you customised info based on your "prefs" list
4. You buy from Vendor, at this point you have to give them all the usual information required for billing.
5. Vendor associates unique PrefPass ID with vendor assigned ID and forever knows exactly who you are each time you vist.