back to article Microsoft working to scale Blockchain for grand distributed ID scheme

Microsoft's wanted a really good federated identity scheme ever since the early 2000s, when it gave the world Project Hailstorm, aka ".Net My Services", to let a web of online services know a little about you and the information you are happy to share with others. Hailstorm passed, swept back years later as Geneva Server and …

  1. Tim99 Silver badge
    Big Brother


    ...personal privacy, security and control. What could possibly go wrong?

  2. JakeMS

    Microsoft ID?

    Isn't this pretty much what the "MSN Passport" account (or whatever they call it now) is for Windows users? It's used for the Windows computer login and all MS services. I believe some websites can choose to use it also.

    Also, if this thing becomes mandatory over various websites or other places, they would be hugely inconvenient for those like me who do not currently, or ever intend to use any Microsoft services/products for various reasons.

    I guess as websites implement this, I'd just have to stop using those websites, I'd have no choice as I do not agree to Microsoft's terms of service or privacy policies, thus I am not allowed to use their services or products.

  3. Anonymous Coward
    Anonymous Coward

    Dear Redmond

    ID? - Outside of the corporate world you've got a bit of a Trust / Truth / Transparency issue to deal with. Namely Facebook-like-slurp at OS-level, and forced updates to guinea-pig home users etc. See if Blockchain can fix that! /Lifelong-MS-Dev who now proactively promotes Linux to clients....

    1. Anonymous Coward
      Anonymous Coward

      Re: Dear Redmond

      Even if Microsoft stops invading Windows privacy, as Google stopped actively scanning Gmails supposedly (loss of corporate Cloud sales). The tricky question is, would you trust them again, after that first breach of trust? I never trusted Yahoo again after the first data breach and that proved to be the absolute right call.

  4. Milton

    The trust issue

    The trust issue ... looms as soon as you consider allowing Microsoft or any of the tech giants to get their greedy, dishonest and so frequently careless hands on your data. No company is to be trusted that would barefacedly try to trick its customers into installing unwanted software (the notorious Close-means-Yes on W10 installs) or deliberately invade and rape your WiFi (Google's Streetview data theft, lied about for so long by the laughably subtitled "Don't Be Evil"). Only a fool would trust these corporations. At all. Ever. There are words for people who lie and cheat in order to get your money and I can't think of any reason why we'd treat internet businesses differently. (Or VW; or Big Pharma; or tobacco; ... etc)

    That all being said, exploitation of blockchain tech might be MS's way of acknowledging this. If I understand the proposal correctly, even MS themselves would not be able to exploit or compromise key data because the true security would lie in the distributed nature of blockchain and its purported incorruptibility—though of course the Devil-in-the-Detail is those last two words, because even blockchain might conceivably be misused by a sufficiently powerful, resourceful and canny adversary: one with an awful lot of global computing power, for example.

    Blockchain is acknowledged to have disadvantages, one of which is sheer cumbersomeness, which also then leads to performance problems. (Given the astronomically high transaction rates of modern finance, it's never been a great surprise to me that blockchain struggles with currency and is instead finding its perfect use case in contractual stuff). MS thinks, or at least says it can address this, and make the tech more agile, but there are good mathematical reasons to suspect that excessive minimisation of the chain will soon lead to vulnerability, so one has to wonder whether MS will introduce "compromises" for "performance" reasons, and if so whether those compromises will miraculously weaken the distributed security of the tech while handing too much responsibility back to MS. Microsoft do not have magic wands. They have some great engineers, and even honest employees, but those folks are employed by a board that has to satisfy greedy shareholders, and this company does have a dreadful history of deceit.

    Which is a lengthy way of asking if this path will lead to an "improved, performant" (subtly crippled) blockchain implementation which lures users into thinking this means they can trust MS when, under the covers, the company preserves the ability to snoop?

    Put yet another way: why would I trust MS not to be conniving to steal data, yet again, when it still refuses to remove the staggering mass of spyware in W10?

    Bonus Question: Is W10 adoption held back more by concerns about spying, or because of its horrible interface? Discuss

    1. yoganmahew

      Re: The trust issue


      "That all being said, exploitation of blockchain tech might be MS's way of acknowledging this."

      Or it might just be a way to use a technology that is touted as offerring anonymity (currently) to do exactly the opposite and track evey single think you do unambiguously.

    2. Lysenko

      Re: The trust issue

      Bonus Question: Is W10 adoption held back more by concerns about spying, or because of its horrible interface? Discuss

      Using a standard statistical significance threshold of 5% (i.e. 1 PC user in 20), I suspect that no-one cares about Win10 telemetry and most people using earlier versions simply don't see any compelling need to upgrade.

      I base this on incontinent FarceTwitGooDroidCloudSnipGram settings and usage behaviours the majority of people seem perfectly relaxed about. If you see no problem with all your email, documents and photos being stored in cleartext on a Google server while your phone tracks and uploads your every movement and undetermined amounts of what you say, why would you suddenly get agitated about the (vastly less invasive) implications of Win10. The fact that much of this Google tracking can be switched off is beside the point - most people apparently don't care enough to do so.

  5. zebthecat


    It would appear that the way to get Blockchain to scale as a decentralised ledger is not to use the chain as a decentralised ledger at all.

    Innovative but doesn't that defeat the point?

  6. Anonymous Coward
    Anonymous Coward


    ..Teresa May has just wee'd with excitement. Gibbering something about "terrorists" and "pedos" and "Daily Mail"

  7. Anonymous Coward
    Anonymous Coward

    distributed identity

    I'd have though many here would have already had a distributed identity. Like, er, "being British", or Scottish, or English, or whatever. Possibly, even being a member of the Left Wickleham Chess Club might count :-)

    1. Anonymous Coward

      Re: distributed identity

      My identity appears to have been hijacked by El Reg's most prolific commentard!

    2. Anonymous Coward
      Anonymous Coward

      Re: the Left Wickleham Chess Club

      At least we now know that the phantom downvoter is from the Right Wickleham Chess Club!

  8. Pen-y-gors

    What is the fundamental purpose of ID?

    This is an interesting one. They may or may not be successful in their aim, but even if they are, why would it be useful?

    What is the purpose of ID in the context of access to systems? It is to show that a particular instance of a person or system is entitled to access. It's no more than a door key. And if I am authorised to open the door on my house, and also the door on my office and to start my car, there is absolutely no need to link the three together. If I have a key to a particular door/mechanism I get access. "One key to rule them all" is not a great idea.

    Same with ID - universal ID is unnecessary, and probably even a bad thing. Why should I use the same ID to buy a pair of socks at as I do to view videos on or submit my tax returns? The government may want me to use the same ID for all my interactions with them, but that's about all. I can see why Google/FB etc want to be able to link my sock purchases to my viewing habits, but that's so they can make money, and I will do my best to screw up their data.

    Obviously there are issues with stealing/copying keys/IDs - but given that absolute 100% security is not possible (Newton's 4th Law) the risks are minimised by having different identities/keys for different things, to minimise the risk of wider problems if one ID/key is lost.

    1. Bob Starling

      Re: What is the fundamental purpose of ID?

      One ID to rule them all and in the darkness bind them!

    2. Claptrap314 Silver badge

      Re: What is the fundamental purpose of ID?

      Money. Somehow, your employer needs to funnel payments into bank account you manage so that these funds can work their way to the sellers of socks, houses and cars. Of course, it is entirely possible to break these transactions up into swarms of TOR-class actions, there is a real cost in the wetware layer of the user to doing so. Nevermind the technical challenges of making such a system robust against well-motivated attackers (both at the individual and system levels).

      We cannot get a usable system for signing emails. What kind of user interface do you propose to disaggregate identities across financial transactions?

      1. Pen-y-gors

        Re: What is the fundamental purpose of ID?


        The same system we have at the moment - multiple login details.

        My employer gets my (public) bank details so they can transfer money in. I have an ID (username/pw etc) to access that money and transfer it elsewhere. It is not the same ID I use to access my savings a/c at the building society. Online payments work quite well via Paypal, where the recipient does not get my banking details, merely the agreed amount of money, and any sock-retailer will have fun matching John Smith up against customers of my preferred retailer of ladies gents under-garments

    3. onefang

      Re: What is the fundamental purpose of ID?

      "It's no more than a door key. And if I am authorised to open the door on my house, and also the door on my office and to start my car, there is absolutely no need to link the three together."

      Many people link those together, on the same key ring.

  9. handleoclast
    Thumb Down

    Microsoft are going to improve it

    Obviously, they'll improve it using the technique of creating a twisty maze of protocols operating in unfathomable ways. There will be remote procedure calls, strange DNS entries that are vital to functioning as designed but never needed to be there in the first place, the embrace and extension of totally unrelated protocols in bizarre ways, kluges to get around problems that should never have existed, and general obfuscation.

    Sorta like Active Directory. Only not as good.

  10. Mahhn

    not again

    This is for destroying anonymity, nothing else.

    first it was Intel with the ID on the CPU, now MS with block chaining us, bah.

  11. Anonymous Coward

    I beg to differ

    Frankly, I am much more interested in having a secure ID that ensures that I am the only one who can ever access my bank or brokerage or credit cards or medical records or phone account than I am concerned that Microsoft or Google knows what bank or brokerage or credit cards or medical providers or phone account I use.

    Sure, I would prefer that the blockchain system be set up and funded by some philanthropist with no connection to any profit making concerns (including cryptocurrency exchanges), but such billionaires are few and far between. But until that happens I'd rather have my secure ID because my every move on the Internet (and yours) is already tracked.

  12. Anonymous Coward
    Anonymous Coward

    Neither Microsoft’s nor Apple’s business models require stealing and reselling personal data. On this at least they are far, far more trustworthy than Google or FB.

    1. Anonymous Coward
      Anonymous Coward

      'Microsoft’s business models require stealing and reselling personal data.'

      "When we talk about why we're upgrading the Windows 10 install base, why is that upgrade free? MS CFO asked during a meeting with Wall Street analysts. These are all new monetization opportunities once a PC is sold. Microsoft's strategy is to go low on consumer Windows licenses, hoping that that will boost device sales, which will in turn add to the pool of potential customers for advertising...."

      "CEO Nadella has referred to the customer revenue potential as 'lifetime value' in the past -- and did so again last week during the same meeting with Wall Street -- hinting at Microsoft's strategy to make more on the back end of the PC acquisition process. The more customers, the more money those customers will bring in as they view ads..."

      1. handleoclast

        Re: 'Microsoft’s business models require stealing and reselling personal data.'

        This marketing shift was anticipated, and extended, here back in 2012.

  13. Lou 2

    And here we go ...

    Like all new Open type developments the established vendors soon enough recognize that it may impact their bottom line, And they start including it as part of their offering in such a way that it will eventually melt down and die.

    Cue in point - Block Chain - watch the vendors starting to "include" it as part of their products. What they don't get - it can't be regulated like regular offerings. Or maybe they do and want it to fail.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like