Feeds

Novell digitalme – a privacy can of worms?

The company's intentions may be honest, but that might not help...

  • alert
  • submit to reddit

Security for virtualized datacentres

Novell has leapt into the profiling technology business with its digitalme announcement yesterday at Internet World in New York, seemingly without looking for landmines first. The consequence may be that it finds itself attacked by privacy advocates, when all it was really trying to do was to show that NDS was a secure product that could be used to limit information voluntarily disclosed by users to e-businesses. The digitalme extension to NDS, Novell says, is to allow users to "take control of how their personal information is shared, used and maintained on the Net, and results in a more dynamic and intimate relationship between businesses and their customers". The service Novell is offering requires a user to have a (virtual) "meCard " that contains different levels of personal information, depending on what the user wishes to disclose. Businesses, Novell says, will be able to use digitalme "to extend their brands and offerings... by giving customers more personalised channels and access to their services" with any browser supporting SSL and JavaScript. Novell claims that the advantages to users include not having to remember passwords and user names, and to determine how much information they release. No software needs to be downloaded to activate digitalme, which is described as a "zero-byte technology" that is platform-independent (supporting NetWare, NT, Solaris, IBM and Linux). Users can register on the digitalme website. It also seems somewhat far-fetched when Novell suggests that users might "only allow their favourite e-tailer [yuk] to see certain demographic information in exchange for product discounts". A few partners have lined up with Novell - AOL (with "Instantme", which allows digitalme users to send messages to Instant Messenger users), Citigroup and Compaq among them. Novell evidently sees the pay back being from e-businesses, portals, ASP/ISPs and retailers. Novell cites research from Business Week/Harris that suggested that 77 per cent of current Internet users (presumably in the US) had not purchased anything online, and that of these non-buyers, 86 per cent cited privacy fear as the most important reason for their restraint. We wonder whether "privacy concerns" was offered as the easy-to-choose option in the poll, and if so, whether this is really true. The possibility that users might not want to buy online, or may have no spare money, or just want to use email is something that many vendors do not want to consider. The In-the-Net services group set up by Novell will be run by Steve Adams, late of Citrix. Novell has plans for a digitalme logo for companies that agree to privacy rules, but it will require digitalme to reach a critical mass before it can be implemented. This announcement is a development of the open profiling standard (OPS) proposed in 1997 by Netscape, VeriSign and FireFly, which received wide backing, except from Microsoft of course. FireFly had developed some profiling software, which Microsoft acquired when it bought FireFly/Hotmail and used the technology for MS Passport, which so far can only be used on MSN sites - a somewhat limiting factor. In W3C, OPS influenced what is now called the Platform for Privacy Preference (P3P), in which Microsoft but not Novell is active. Microsoft submitted its own submission to W3C a month or so after the OPS proposal, citing the P3P work (which was called P3 at the time) and advocating a prominent role for XML. digitalme also ignores the issue of cookies. W3C/P3P has only half-baked ideas on the subject, admitting to being uncertain as to whether P3P would supercede the need for cookies, and noting that P3P will not solve all privacy concerns. A small embarrassment is that W3C itself uses HTTP log activity. So far as European issues like the Data Directive and data protection legislation are concerned, Novell is silent. W3C says it's not exactly clear about implementation issues, although it points out that the data practices part was an international effort. So far as browsing web sites in other countries is concerned, W3C says "Issues related to privacy protection across jurisdictions are complex; this is why we designed P3P as we did" which sounds a touch enigmatic. It is expected that P3P will become a W3C Recommendation in mid-January. Novell appears to have been somewhat naive on the privacy front. While extolling the security features of NDS and its "respect for personal privacy" and "less intrusive marketing", it makes no mention of P3P in its announcement. The suspicion lurks that this is something of an e-commerce recruiting campaign to persuade users to sign up for advertising onslaughts. ®

Security and trust: The backbone of doing business over the internet

More from The Register

next story
Phones 4u slips into administration after EE cuts ties with Brit mobe retailer
More than 5,500 jobs could be axed if rescue mission fails
Driving with an Apple Watch could land you with a £100 FINE
Bad news for tech-addicted fanbois behind the wheel
Phones 4u website DIES as wounded mobe retailer struggles to stay above water
Founder blames 'ruthless network partners' for implosion
Radio hams can encrypt, in emergencies, says Ofcom
Consultation promises new spectrum and hints at relaxed licence conditions
Special pleading against mass surveillance won't help anyone
Protecting journalists alone won't protect their sources
Big Content Australia just blew a big hole in its credibility
AHEDA's research on average content prices did not expose methodology, so appears less than rigourous
Bono: Apple will sort out monetising music where the labels failed
Remastered so hard it would be difficult or impossible to master it again
Vodafone to buy 140 Phones 4u stores from stricken retailer
887 jobs 'preserved' in the process, says administrator PwC
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.