Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 Internet speed test! ×

Journal Journal: Invalid: Access Denied

Once upon a time long ago connecting to the Internet involved setting up a phone modem, taking your handset off the desk phone and laying it in a cradle, listening to the dial tone/connect handshake, then watching as a VERY slow string of characters appeared and typed their way across a black screen in beautiful bright green letters.

Things have changed. A lot of things have changed. And the future of our computer communications is going into a very dark land that even the likes of George Orwell's 1984 novel could never have foreseen. Mr. Orwell's book may be a bit of an overstatement, but maybe the future will be more like Andrew Niccol's Gattaca movie. I am not speaking about how your personal information will be used in ways you can't control (that is a story for another day), but how you can suddenly and without warning find that you are completely ex-communicated and powerless.

For the first time in the history of the Internet the public is facing a very real and very dangerous future brought on by a very few but very powerful Internet service companies. I will not name any particular company or website in this writing. I will only state the broad Terms of Service and Acceptable Use Policies that a lot of Internet companies apply to their customers and the controlling business methods they use in their practice. Anyone reading this can easily go out and research various websites and services to get a better understanding of the possible coming Dark Age of exclusion in our world.

Most, if not all, Internet users sign up for website services at one time or another. From online payment systems, to social networks, to online banking everyone has at some point created an account with a username and password. From the user's standpoint this is a useful feature as users can easily access and protect stored information on the service. Until just recently everything has worked pretty well with only a few minor exceptions. But as more independent services are becoming intertwined the multiple logins people use for each website are slowly becoming a single-point authentication system. And here comes the beginning of the end

I want to go back a few years and tell you a story about a friend who used an online payment system for his company. He sold collector baseball and board game cards through an online auction website. This online auction website had purchased the payment service he was using and had combined it with their auction site. Now, to be fair, you did not need to be a registered user of the payment service to use the auction website (there were existing laws covering that), but the auction website made it VERY difficult to use any other service. For 2 years his business grew and he eventually quit his job, rented a nice brick and mortar store, and began to live his dream to be self-sufficient. Then it happened

One day he discovered that the online payment service had terminated his business account. The only answer he got on the phone was that there was a "Violation of the Terms of Use and Acceptable Use Policy". No specific information was given, just that this decision was final and it could not be reversed. In other words, the online payment service said "We don't want your business, goodbye" and that was the end of it. Since 80% of his business was through the auction website utilizing this online payment service he was basically dead in the water. In order to stay in business he quickly switched over to his own merchant processing system (one he had acquired through his local bank to process credit card transactions directly). He then discovered that the auction website required an active account with the same payment service that he had been banned from using before he could integrate his own merchant processing system. After 2 months of struggling to sort all this out he finally had to close his doors and go out of business.

This is not an isolated case. Anyone can search the Internet to find stories just like the one above. And not just a few, but thousands of small businesses have been financially devastated by similar problems. I too have had my issues with this same payment service, but fortunately it did not financially wreck me.

The reason I decided to write this is because of a little incident I recently had with this "single authentication" trend. I received an invitation from a friend to try out a new "beta" game on the Internet. When I visited the site to sign up I was confronted by a statement that read "You must have a valid account on BLAHBLAH.com to download and play this game" (BLAHBLAH.com is NOT the actual name of the website). Since I did not have an account on BLAHBLAH.com, nor did I want to create an account on BLAHBLAH.com I could not proceed. Why would any company require you to register on a different company's website in order to use their services? Why would anyone think this was logical? And it started me to think of the future

Recently there was an article about a major website that offered various services to the public. This website decided to start a brand new service, and invite a small group of Internet users to sign up and test it out. Within a few weeks this major website began to enforce a policy that required real names to be used during the signup process. Without warning hundreds of users found that they could no longer log in to the beta test. And to their surprise these same users found that they could no longer log in to any other service this company offered, even if those accounts were in good standing for years. To make matters worse, some of these users owned very large organizations that suddenly found they were without services that were hosted by this company and loosing big bucks in the process.

Now in all fairness this company did fix the issue quickly. I will also concede that this company had a very real right to terminate any user it felt violated its company's policies. But it brought to sharp focus the real threat of having a single authentication system for services that had vastly different Terms of Service and Acceptable Use Policies. Violate the rules on one, and you may find yourself banned from all other services this company offers.

There have been several efforts to create a single authentication system for the Internet. Most of these have not made much stride in getting users to sign up or websites to adopt them as an authentication protocol. With open services like these, it was up to the individual websites to either allow or deny the user access. Today we are beginning to see private and closed companies push to become the single authentication service for the Internet, and with this trend comes major pitfalls for the public as a whole.

What if you had an account with a major WEBSITE, and this WEBSITE offered a service that allowed your account to be used as a single authentication source for other websites? And what if the other websites that you use on a daily basis adopted WEBSITE's signup system to the exclusion of their own? What if one day you found out that someone you met on the Internet decided to start a smear campaign against you and submitted several bogus emails to WEBSITE defaming you and claiming that you violated their user policies? And what if without warning your account with WEBSITE was terminated? What if that termination also caused a loss of access to your credit card website, your banking website, your home mortgage website, your insurance website, etc? What if there was no way to dispute the account termination with WEBSITE as it is considered final according to their Terms of Service? And this is just the bare tip of the iceberg of what could become your exclusion from society.

The above scenario may sound extreme, but before you go and say "That will never happen to me" I would just like to point out that smaller isolated yet just as devastating scenarios have already happened to many people. Usually confined to websites and services such as the examples I have spoken about, this trend is beginning to expand and may one day affect a great many Internet users.

Any company that wields this type of power over individuals to control their access to information and services will always, without exception, either abuse this power or by complete accident disenfranchise people. You may one day find yourself living in a world similar to the movie Gattaca (which is very good and I highly recommend you see it if you have not already).

May the universe have mercy on you if one day the screen displays, "Invalid: Access Denied".

Slashdot Top Deals

In English, every word can be verbed. Would that it were so in our programming languages.