Mar 17, 1998
Who does your digital identity belong to? Do you have the right to keep your identity private while you browse? Consider, in light of my email to Netscape's online community.
This note addresses two related but separate topics.
- When I signed up as a member of the Netscape Netcenter community, the system did not allow me to specify my email address. Rather, it obtained and posted an email address on its own. The address is correct, that is, it is a valid email address, however, it is an address I never use (I have about 5 email addresses).
What concerns me is that it got the *correct* email address for the account I am using. That shouldn't have happened.
I have set *all* my Netscape mail and news options to my other email identity. This includes my POP server and reply-to addresses, which are set to firstname.lastname@example.org
However, your system inferred (correctly) that the account I am using is in fact my email@example.com account. I can see how you could obtain my mb.sympatico.ca domain, however, you should not, according to the documentation I've seen, be able to obtain my userid. I have *never*, in my life, entered the sympatico address to any form, etc, so you're not getting it from a cookie or any static data on my browser. You must be obtaining it from my current ISP login information.
What I want to know is: how you did this. I run a Netscape Enterprise server myself and haven't seen any 'snoop on user id' features. So there's something else.
I am also concerned about privacy. My understanding of web browsing is that userids remain private, however, this very much dashes that assumption.
- My email address, as determined by your system, is now part of my userid. No problem, right? It's my account - just go in and change it.
Wrong. It turns out, in order to change it, I must obtain a digital certificate from Verisign in order to change my personal information.
One thing about this that troubles me is that nowhere was I told this *prior* to my signing on as a member. But let's let that go.
More significant is that I cannot change my own information without the intervention of a third party.
This raises concerns because, first, I know that Verisign is going to come back in six months asking for money, which I must pay, or otherwise they will toast my digital identity. I have refused to pay them in the past because I never cared. But now I've got something a little more significant going on here.
Moreover: if it's my identity, why can't I choose my own agency? I have no particular reason to trust verisign. However, all other things being equal, I'd rather employ a Canadian agency, subject to my country's provacy legislation.