cro's place

Pitch Community Website goes Live

Posted in Mobile, Identity Management, General by cro. Monday February 12, 2007.

The website to accompany the Pitch Mobile Network service has now gone live. Any Pitch member can set up a password using their mobile and then access almost all of Pitch through the web.

With the launch of the website, there are some added features available:

Cross-platform chat

  • Mobile to PC to mobile personal chat
  • Mobile to PC to mobile group chat
  • Mobile to PC to mobile pitchmail (email internal to the site)

Video upload, sharing & commenting

  • upload via mobile and view on the web or mobile
  • upload via web and view on mobile or web
  • supported formats: 3gp, avi, divx, xvid, mpg, flv, mp4
    (upload in any of these formats and it’s automatically converted to play on both web & mobile…)

Image upload, sharing & commenting

Mixed content albums

  • have videos and images in the same virtual photo album
  • share albums with the world, your friends or keep them private
  • per-image/per-video/per-album comments

Blogging

  • blog from web, appears on phone
  • blog from phone, appears on web

WAP site personalisation

  • turn on or off portions of your profile for display in WAP

To translate slightly: You can, using your PC, chat with your friends who are on their mobile, and vice versa. You can also upload almost any video or picture (OK, we limit you to 2Mb or smaller file size) from your PC and then download it to your mobile - we do all the conversion for you, free of charge.

All the chatting & commenting functions you can do on your mobile you can also do on the web, and anything you do on the web will also appear on mobile.

Pitch members automatically get a URL that is unique as well - mine is www.pitch.mobi/cro - which is very easy to remember, as it’s my Pitch Tag!

And best of all, there’s no client to download to your phone - as long as your phone supports WAP, you can access Pitch :)

MS Supporting OpenID

Posted in Identity Management, Digital Identity by cro. Thursday February 8, 2007.

You can tell how busy I’ve been with Pitch recently - the announcement that Microsoft will be including support for OpenID totally passed me by.

My comment: Yay!

I’ve always been partial to the idea of OpenID, especially as it’s similar to my own thoughts on transient identity. I’m also planning on implementing an OpenID server into Pitch.

Cloning ePassports

Posted in Identity Management, Digital Identity by cro. Monday December 18, 2006.

I think the comment from one Home Office spokesman, “It is hard to see why anyone would want to access the information on the chip,” says more about the fundamental lack of understanding of the problems with RFID-enabled passports than anything else.

Whilst the spokesman rightly goes on to mention that the information stored on the RFID chip is exactly the same as that printed on the passport itself, he avoids, either deliberately or accidentally, the underlying problem: If the passport can be read electronically, that means there’s less need for the actual data printed in the passport to be checked, especially when trying to meet targets for processing travellers.

So, as soon as passport controls are put in place where all that is required is a valid RFID passport, which is not checked, then cloning passports becomes incredibly valuable, as it allows you to travel across borders as someone else, without having to have a very good passport forgery - all you actually need is a cloned RFID chip.

In any place where this type of checking becomes the norm, what’s the likelihood of being stopped and asked to show a real passport?

Of course, if passport control stations retain human operators, who check that the photograph on the RFID chip matches the person standing in front of them, all someone needs to do is clone the RFID data and exchange the digital photo for a matching one, and you immediately have someone else’s details with your photo, and you can move through passport control quickly and easily.

Still, since it only takes 5 minutes to clone an ePassport now, I guess you could do it whilst standing in line at the airport and become whomever you like.

Privacy Doesn’t Matter to Valve Software

Posted in Games, Identity Management by cro. Sunday December 17, 2006.

There are reasons to like Valve Software’s Steam service. It makes buying and delivering new software easy. It lets you find friends you want to play with. And I’m sure a lot of other good things as well.

However, I don’t like Steam. I don’t like Steam to the point where I no longer want my Steam account.

My major criticism of Steam harks back to the release of Half Life 2. I bought the game using a credit card from a reputable high street store. In fact, I still have the original game box, DVD and receipt. The only problem is, Valve thinks I’m a pirate. And the only way to prove I’m not a pirate, that I bought my game legitimately, is to let Valve’s Steam software rummage around on my hard drive to ‘verify’ and ‘enable’ my game.

I know nothing will ever be done to change this, far too many people have acquiesced and Steam is far too ingrained amongst gamers to ever be changed to remove the automatic assumption that a person who buys a Valve game is not a pirate. Which is why I have chosen to never buy or play a game that uses Steam.

However, this does leave me in the position of still having a Steam account, which I did use to ‘verify’ and ‘enable’ the copy of Half Life 2 I bought on my credit card from a reputable high street store. I had to prove to Valve I wasn’t a pirate if I wanted to play their game.

Once I had finished with the game, I contacted Valve to have my account deleted, as I had no wish for them to retain any of my details, including my email address, and I had no use for the Steam account any longer.

One of the responses I got was frankly ludicrous:

As steam is a free product, you cannot cancel the account. You can disable the account by uninstalling it.

What has being a free product got to do with cancelling an account?

It took several emails, and an assumption on the part of Steam’s support staff that I was trying to reset CounterStrike CD keys (which tells me they didn’t check my Steam account, which would have shown that I did not have any CounterStrike CD keys associated with the account).

I finally received the following email on September 24, 2004, after cc’ing Gabe Newell into the discussion - it says a lot when you have to include the company CEO in a support query to actually have your request read and dealt with:

Dear Tom, per your multiple requests I am disabling your Steam account effective immediately, remember that this will not allow you to receive any emails from Steam including account/password recovery emails or have access to your account.

If you have any more questions feel free to contact Steam Support.

The other day I saw my copy of Half Life 2 (which I can no longer play, as I’ve had to re-install my Windows OS several times) and thought I’d check out my Steam account to see if Valve had actually disabled it as I requested (something I really should have done at the time).

Of course, the first thing that happened was I was able to log straight into the account that Valve claimed had been disabled.

So I read through the Valve and Steam website again, and tried contacting Valve through the usual channels. I emailed SteamSupport (which timed out), and I emailed Privacy. Interestingly, the email given in the Privacy Policy as a contact point if you have concerns over privacy and the way your data is handled results in this auto-response:

Thank you for contacting Valve. This email address is monitored, however due to the volume of email we get daily, you may not necessarily get a direct response.

So, if I have a concern over privacy, they may check the email inbox eventually?

I guess I need to go back to SteamSupport and create a new account just to have the old account disabled? After all, despite assurances from Valve that the account had been disabled, it appears that in reality it has been active and useable for more than two years.

And given Valve’s disinterest in actually dealing with privacy issues, what recourse do I have if the account is used fraudulently? From what I have been able to discover, I have no recourse at all - I can’t even take the basic step of protecting my own data by requesting the account be disabled so that no-one, not even me, can use it. And should I actually want my details removed - well, that’s just not possible - after all, it’s a free service…


UK RFID passports cracked

Posted in Identity Management, Digital Identity by cro. Friday November 17, 2006.

I think the title says it all. I know I’ve not been posting much (well, at all) for a while, but this really deserves a mention.

A story in today’s Guardian reveals that a team of researchers cracked the protection on the UK’s new biometric RFID passports in 48 hours, using less than £200 of over-the-counter electronics equipment.

“If you can read the chip, then you can clone it,” [Lukas Grunwald, founder of DN-Systems Enterprise Solutions in Germany] says. “You could use this to clone a passport that would exploit the system to illegally enter another country.”

Here’s a link to BoingBoing’s coverage as well…

Dark & Light: A Failure to Subscribe

Posted in Games, Digital Identity, General by cro. Saturday June 3, 2006.

The following is a cross-post from the Dark and Light forums.

I’ve eagerly awaited Dark&Light, and with the launch comes a few major teething problems that I am yet to overcome.

Firstly, as a UK resident, I have to pay in either Euros or US Dollars. Of course, at today’s exchange rates, this works out as:

US$54.99 = UKP£29.23
€54.99 = UKP£37.34.

I think I’ll pay in US$ thanks. Almost £10 cheaper to pay in US$?

Second problem - trying to pay via Click&Buy redirects me to the local UK partner BT Click&Buy - or rather, to an error page, telling me there’s a problem with the URL. OK, we can get around this by going to the main page.

Third problem, and I know this isn’t DnL’s fault - BT Click&Buy can’t seem to recognise the credit card I use for every other MMORPG I play. Oddly, it’s the same one I’ve been using for two years now. Worked fine for Everquest 2, World of Warcraft, Anarchy Online, DDO and a few others as well (including some in Asia). It’s also the one linked to my Amazon account, and I never have any problems buying stuff from there.

I know this has been thrashed out before, but I really have to question why the decision was made to use the services of Click&Buy when Worldpay has a standard credit card payment interface that just… works. Sure, have alternate payment systems to allow people to pay (as in my case) through their phone bill, but if your chosen payment provider can’t even process a VISA from a major international bank (it made about US$8 billion in profit last quarter), it indicates a wider problem for your potential customer base.

Following the game & forums over the past year (I was almost a Settler, but the DnL site failed with an error every time I tried to reply to the invite email), the decision to use Click&Buy has been one that rankled me. I’ve never been comfortable with using a third party intermediary when it comes to buying things - I like to deal direct (and I sideline as an Identity Architect, so the philosophy of Identity and who has copies of my details is one I am very conscious of).

I really do want to play Dark & Light, but the company has erected too many barriers to entry. The first, and largest barrier, is the decision to outsource payment services to a third party. I don’t know who Click&Buy are, I’ve never used them, and I have no reason to trust them.

I’ll keep an eye out and see how things go, but until subscriptions are offered directly I think I will have to skip becoming a paying subscriber. I think I might spend my US$55 on another MMORPG instead.

One of the things I find interesting is that as a potential customer, the decision to use a third party identity provider (effectively) has been the primary factor in my decision not to play. The question here in my mind is entirely one of trust: I simply don’t trust the payment provider the service provider requires me to use.

In the current climate I would much prefer to deal direct with the company whose services I am purchasing, as there is no Identity Infrastructure in place that I trust to act on my behalf - there are no Transient Identity providers, no centralised Identity Providers, and certainly no user-centric identity service that I could use. The company behind Dark and Light has chosen to require potential customers to jump through a series of hoops with a third party provider (in some reported cases including telephone verification of an account created with a credit card) before they can participate. Not entirely sure that’s a sound business practice…


Credit Bureau as Identity Provider? I Hope Not!

Posted in Identity Management, Digital Identity by cro. Tuesday May 16, 2006.

Mark’s raised the idea that credit bureaus could act as Identity Providers under the concept of User-centric Identity (I’m still catching up on the reading!). My only comment to this is:

I bloody well hope they don’t.

A very quick search using your favourite search engine throws up reams of examples where such credit bureaus hold incorrect information about consumers, often to the point of holding outright lies, and not providing a mechanism whereby consumers can correct - or in many cases even check - the information held about them.

Even a recent piece in the Consumerist illustrates problems with credit bureaus and the information they hold about people, and the lack of care taken in cleaning the data and informing associated agencies of the change.

The major problem with credit bureaus being providers of identity information is that there is no benefit to them in expending the time and effort in either checking that the information held about someone is correct, or in implementing procedures to allow consumers to check and correct such information. The first is time consuming and costly, and the second is time consuming, costly and will require the implementation of identity checks, which makes it even more time consuming and costly.


All Quiet on the Identity Front

Posted in Identity Management by cro. Saturday April 22, 2006.

Those of you who read my site regularly will have noticed I’ve not been very forthcoming on the subject of Identity Management recently. This is entirely due to my workload and wrangling some projects around. I’m coming up to the end of my contract with the University, so my time there has been devoted to documentation and design work, leaving me very little time to keep up with what’s going on in the world of Digital Identity.

I currently have a whole series of posts marked for reading, including the recent series on User-Centric identity (something I’m particularly keen on as I see it as part of my thoughts on transient identity), and I really want to get stuck into a reply to Johannes Ernst and Superpat on the subject of Multi-Protocol Identity Implementations (which is related to, or perhaps is the precursor for, user-centric identity).

It got so bad I even wrote my own little web-app to let me quickly bookmark pages to read later - obviously named ‘Followup!’ of course (if you want to play with it, drop me a note and I’ll tell you where to go).

reboot 8

Posted in Identity Management by cro. Wednesday March 29, 2006.

I’ve never been to Copenhagen. One of the wanted themes this year is identity management - who else is thinking of going?


Robin on Digital Identity - Again

Posted in Identity Management, Digital Identity by cro. Wednesday March 29, 2006.

I recently posted about Robin Wilton being interviewed for the Story of Digital Identity, and a posted comment from Robin reminded me that I never revisited that post and made comment on the actual interview.

At least not on this blog, although I did pass my comments back to Aldo Castañeda via email.

All in all I thoroughly enjoyed the interview. It was also interesting hearing a little about Robin’s background with Sun and the area he’s working in, and as always it was very interesting listening to his thoughts on digital identity.

A lot of the discussion was on the subject of User Centricity in digital identity, a concept I agree with in many ways. One of the key points made as well was the general lack of awareness of potential responsibility in terms of ‘ownership’ of digital identity, and as usual Robin made his points and explained his thoughts clearly and concisely, bringing in various real-world examples of problems with digital identity and the idea of personal responsibility for a person’s own digital identity.

So, if you haven’t already downloaded the interview, then you should do so now.


Copyright 1998-2005 Tom Gordon