Feeds

Novell digitalme – a privacy can of worms?

The company's intentions may be honest, but that might not help...

  • alert
  • submit to reddit

High performance access to file storage

Novell has leapt into the profiling technology business with its digitalme announcement yesterday at Internet World in New York, seemingly without looking for landmines first. The consequence may be that it finds itself attacked by privacy advocates, when all it was really trying to do was to show that NDS was a secure product that could be used to limit information voluntarily disclosed by users to e-businesses. The digitalme extension to NDS, Novell says, is to allow users to "take control of how their personal information is shared, used and maintained on the Net, and results in a more dynamic and intimate relationship between businesses and their customers". The service Novell is offering requires a user to have a (virtual) "meCard " that contains different levels of personal information, depending on what the user wishes to disclose. Businesses, Novell says, will be able to use digitalme "to extend their brands and offerings... by giving customers more personalised channels and access to their services" with any browser supporting SSL and JavaScript. Novell claims that the advantages to users include not having to remember passwords and user names, and to determine how much information they release. No software needs to be downloaded to activate digitalme, which is described as a "zero-byte technology" that is platform-independent (supporting NetWare, NT, Solaris, IBM and Linux). Users can register on the digitalme website. It also seems somewhat far-fetched when Novell suggests that users might "only allow their favourite e-tailer [yuk] to see certain demographic information in exchange for product discounts". A few partners have lined up with Novell - AOL (with "Instantme", which allows digitalme users to send messages to Instant Messenger users), Citigroup and Compaq among them. Novell evidently sees the pay back being from e-businesses, portals, ASP/ISPs and retailers. Novell cites research from Business Week/Harris that suggested that 77 per cent of current Internet users (presumably in the US) had not purchased anything online, and that of these non-buyers, 86 per cent cited privacy fear as the most important reason for their restraint. We wonder whether "privacy concerns" was offered as the easy-to-choose option in the poll, and if so, whether this is really true. The possibility that users might not want to buy online, or may have no spare money, or just want to use email is something that many vendors do not want to consider. The In-the-Net services group set up by Novell will be run by Steve Adams, late of Citrix. Novell has plans for a digitalme logo for companies that agree to privacy rules, but it will require digitalme to reach a critical mass before it can be implemented. This announcement is a development of the open profiling standard (OPS) proposed in 1997 by Netscape, VeriSign and FireFly, which received wide backing, except from Microsoft of course. FireFly had developed some profiling software, which Microsoft acquired when it bought FireFly/Hotmail and used the technology for MS Passport, which so far can only be used on MSN sites - a somewhat limiting factor. In W3C, OPS influenced what is now called the Platform for Privacy Preference (P3P), in which Microsoft but not Novell is active. Microsoft submitted its own submission to W3C a month or so after the OPS proposal, citing the P3P work (which was called P3 at the time) and advocating a prominent role for XML. digitalme also ignores the issue of cookies. W3C/P3P has only half-baked ideas on the subject, admitting to being uncertain as to whether P3P would supercede the need for cookies, and noting that P3P will not solve all privacy concerns. A small embarrassment is that W3C itself uses HTTP log activity. So far as European issues like the Data Directive and data protection legislation are concerned, Novell is silent. W3C says it's not exactly clear about implementation issues, although it points out that the data practices part was an international effort. So far as browsing web sites in other countries is concerned, W3C says "Issues related to privacy protection across jurisdictions are complex; this is why we designed P3P as we did" which sounds a touch enigmatic. It is expected that P3P will become a W3C Recommendation in mid-January. Novell appears to have been somewhat naive on the privacy front. While extolling the security features of NDS and its "respect for personal privacy" and "less intrusive marketing", it makes no mention of P3P in its announcement. The suspicion lurks that this is something of an e-commerce recruiting campaign to persuade users to sign up for advertising onslaughts. ®

High performance access to file storage

More from The Register

next story
Audio fans, prepare yourself for the Second Coming ... of Blu-ray
High Fidelity Pure Audio – is this what your ears have been waiting for?
Dropbox defends fantastically badly timed Condoleezza Rice appointment
'Nothing is going to change with Dr. Rice's appointment,' file sharer promises
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Zucker punched: Google gobbles Facebook-wooed Titan Aerospace
Up, up and away in my beautiful balloon flying broadband-bot
Nokia offers 'voluntary retirement' to 6,000+ Indian employees
India's 'predictability and stability' cited as mobe-maker's tax payment deadline nears
Apple DOMINATES the Valley, rakes in more profit than Google, HP, Intel, Cisco COMBINED
Cook & Co. also pay more taxes than those four worthies PLUS eBay and Oracle
It may be ILLEGAL to run Heartbleed health checks – IT lawyer
Do the right thing, earn up to 10 years in clink
France bans managers from contacting workers outside business hours
«Email? Mais non ... il est plus tard que six heures du soir!»
Adrian Mole author Sue Townsend dies at 68
RIP Blighty's best-selling author of the 1980s
prev story

Whitepapers

Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.