Microsoft Releases New Secure Transaction Framework
I really like the idea that some clever cryptographic trick can ensure our privacy, but I’m afraid that Microsoft’s new technology won’t do the trick. The article points out the obvious reasons why companies don’t actually want you to have privacy (they want to be able to have a continuing relationship with their customers) however there is an interesting technical reason why this won’t work.
The fact of the matter is, most people have very obvious usage patterns that can be tracked across login sessions. In order to get useful information out of a transaction, the vendor doesn’t need to actually know your private details. If they know that “computer A” bought x, y, and z products, then they have a pretty good model of who the user of “computer A” is, even without having a name and address. Then the next time “computer A” logs in to do some shopping at their web site, the vendor can splash the appropriate ads across the screen. I think the real trick here is the ability to fund transactions without giving actual funding source information to the vendor. They will still know who you have as your credit card vendor of course, but at least they won’t be storing your card number on their server to have it stolen. And this is what the Microsoft technical information mostly talks about, but everything I have read on the web is talking about “privacy”, which seems like it will kill it for all the wrong reasons.