On Password Managers

Tim Bray on what a password manager should do, the risks of syncing your passwords via a centralised web-based store, and 1Password's move to this very (subscription-based) model for business reasons. Succinct, well-written and worth a read: we all use a password manager now, even if it's iCloud Keychain on iOS and macOS or the password auto-fill on Chrome or Firefox.

Misunderstanding Aadhaar as proof of identity

This week, I collected my passport from the collection centre at BKC in Bombay using the credit-card-size version of my Aadhaar card as proof of ID. Just to see if it would work – no problems at all.

This is serious. I could have forged another person's Aadhaar card easily and picked up their passport, or someone could have forged my card and collected my passport. Mere possession of an Aadhaar card means nothing; it needs to be verified via any of an OTP, fingerprint scan or iris scan.

Or take this message SBI has sent its customers, demanding a photocopy of their Aadhaar card in order to link their A. number to their bank accounts:

It is trivial to link your Aadhaar number to someone else's bank account, or have your account linked to another's number.

When the largest bank in the land doesn't understand fundamentally how Aadhaar works, we have a big problem [1].

The government needs to launch an aggressive educational campaign if it is to build confidence in the mandatory use of Aadhaar for public and private services.

[1] If done right, Aadhaar-based verification (or linking) is far more efficient than processing paper. Imagine if I could walk into an SBI branch, type in my bank account number and Aadhaar like you do at web check-in counters, scan my finger and walk out. It would take less than a minute per person and no staff. Each branch likely has a fingerprint scanner already given that it's how they sign up new accounts.

Small Identity

The solution is to give your identity a very small footprint. The fewer things you define yourself by, the fewer constraints you have on further growth.

Tynan.

As phone calls move to the Internet

It’s 2017 and the quality of the average WhatsApp and FaceTime call in Bombay and other cities has gotten better than that of a regular voice call.

There’s also enough anecdotal evidence to suggest regular voice call quality has in fact dropped: voices scrambled or cutting out; calls dropped even when not moving between cell towers.

As operators optimize for data over voice, both with bandwidth and pricing, people will soon prefer calling others over these services than a regular phone call, and soon it’ll be the norm.

This is also exciting because there’s a robust application layer for voice-over-IP (and video over IP); most major messaging applications have or are building voice & video calling capabilities: Skype, Duo, Hangouts, Facebook Messenger, WhatsApp, FaceTime, Slack. Most have easy interfaces to add and remove people to/from calls, message alongside a call, and save these recordings and messages.

As text <> speech tech gets better (not in small part due to work on voice driven assistants), transcribing calls with be easy too. Skype has had an early version of real time translation working for a while now. People can already take and make calls from/to other Apple devices (iPad/Mac), and more messaging apps will likely offer this. And who knows what experiences AR will bring to this.

In an alternate world, operators (carriers/telcos) would have made it easy for third parties to build services on top of regular voice networks. That’s not what happened, though, and they have become dumb pipes. Short of dismantling a neutral Internet, I don’t see how they can become anything other than utilities (not that that is a bad thing).

This also shows how important, no critical, open standards are. None of this would have been possible without a published TCP/IP protocol, so an iPhone on a Vodafone 4G connection in Bombay can make a Whatsapp call to an Android on Wifi in Buenos Aires. Of course each of these video/audio services are closed, non-interoperable, and that will bring with it its own set of problems in the years to come.