InfoCard for anti-phishing


I just read this article by Lawrence Lessig, Stanford law professor and technocrat, describing the benefits of the next generation anti-phishing technology from Microsoft, InfoCard.  The article struck me as interesting because I had briefly discussed the IE7 anti-phishing technology with my father last night and I never even got around to the mention of InfoCard -- I had focused more on the browser features that helped to identify suspicious websites.


The design of InfoCard is much like that of a certificate system in which the identity of you, the user, is specified by an identity and you become your own known or trusted entity.  This identity could be tied to your computer, a smartcard, or a smart device (phone, pda, etc.) and then through that identity the user could control their online property.  The benefit of this is that it becomes very hard for phishers to use your identity on the Internet -- even if they steal commodity elements of a user's identity such as a login or password.


One of the coolest things about the InfoCard identity system is that it is built in an open manner and this is probably the reason it got the attention of Lessig.  Participants in the InfoCard system can create compatible systems royalty-free and without the need for reliance on Microsoft technology.  This will hopefully lead to broad adoption of the software and an overall improvement in people's trust for the web's marketplace.  I certainly would feel more comfortable with an identity layer preventing unauthorized access to my personal online accounts.


Skip to main content