Conversation
Notices
duck1123!identica now shows all my registered OpenID addresses. Somewhat of a privacy violation and they assume they are all valid URLs. forgot XRI
habi@duck1123 ain't that the idea of OpenID addresses that they should be as open and visible as possible? And if you got feedback, you should send it to @evan: http://identi.ca/notice/95268982
0re0@habi I'm not sure that's the idea. More like you should be able to set the privacy level per #OpenID.
- habi
@lnxwalt140 I was thinking that #OpenID should be as visible as possible. And thus be one of the single ways to sign in everywhere(TM)
- 0re0
@habi Your private website or webmail acct could be an OpenID. Not necessarily okay to disseminate it.
- habi
@lnxwalt140 not necessarily, I agree. But in certain cases desirably. Give feedback on this to Evan, he was asking for it: http://identi.ca/notice/95268982
evanI'm listening, don't worry! It's a best-practice to allow opting out of OpenID display; I've got a fix coming in <1hr.
- habi
@evan i'm all for it, especially since I really think that everyone and their siblings should use #OpenID for all login purposes. And not give in to the all-to-ubiquitoous "Log in with Facebook" and "Log in with Twitter".
laurelrusswurm@habi @evan I prefer to log in with distinct accounts; logging in with another account seems dreadfully insecure
- evan
Why's that?
- laurelrusswurm
@evan It's that "all the eggs are in one basket thing" ... when one account gets hacked, all are at risk
coyoit doesnt help that most people only use a single password for everything.
- laurelrusswurm
@coyo Yes, that's a problem that's part of the problem most people don't understand why not to.
- laurelrusswurm
@coyo problem made worse when those entrusted with our personal info being more concerned with the appearance of security than real security
- laurelrusswurm
@coyo Security Questions routinely include "mother's maiden name" which is outrageous, since its a matter of public record.
- laurelrusswurm
@coyo the only way security questions are secure if your answer is actually the answer to a different question #becomescumbersomequickly
- evan
I like OpenID because I can make sure that the login mechanisms I use are actually decent.
- laurelrusswurm
@evan I know enough to be careful; but knowing what is decent is far more difficult for non-tech folks.
- laurelrusswurm
@ I've heard OpenID is good, but this thread made me thing Google has something to do with it... is that true?
evanGoogle is an OpenID provider, but it didn't invent OpenID.
- laurelrusswurm
@evan My concern is if Google has access to OpenId data; my thinking is Google knows far too much about all of us already w/o giving more
- evan
If you use a Google OpenID, yes. If you don't, no.
- laurelrusswurm
think ;o
zoowarBut you only have to change your credentials once after you become aware of the situation.
- laurelrusswurm
@zoowar if you have a lot of accounts, that can still be a lot of breaches, even in the short space until you discover it
- habi
@laurelrusswurm if you would use google as an #OpenID provider you could use their 2-step-authentification security, making it extremely unlikely that someone can breach your account.
- laurelrusswurm
@habi Concern is less that "someone can breach [my] account" but Google already has far too much information about me; that would give more
- laurelrusswurm
@habi My concern about Google's reach and control of private information was nebulous until it extrorted my cell phone #
lnxwalt280@laurelrusswurm I think it is more secure than having accounts on fifty different sites.
- zoowar
I prefer https://browserid.org/ to openid. Neither is gaining traction because google and facebook track you better when you're logged in.
cyberkiller@zoowar #OpenID is getting traction, but noone talks about it - they implement it silently and then you get things like 'login with Steam'
samatjain@zoowar Depends on what you mean by "traction"… everyone and their dog is an #OpenID provider, but very few relying parties
- zoowar
That's the point. Providers have usurped openid into their walled gardens.
- zoowar
Implementing a provider is not implementing openid.
- 0re0
Now, wait a minute. Though they don't announce it as OpenID and often restrict to just a few providers, lots of sites using #OpenID logins.
- zoowar
The only site I use that supported "unbiased" openid is Hacker News. They ditched it a month back. http://ur1.ca/9r6pq
- 0re0
I also wish the sites that do use it supported user@site syntax along with url syntax.
- habi
@evan and thinking a wee bit more about it: I really should get to making http://davidhaberthür.ch/ my #OpenID presence/provider instead of relying on yahoo/Google...
- coyo
that's really public. o.o
- habi
@coyo it's in the publicly available swiss phone book anyways (http://is.gd/hmDy3W), so there's no need to hide my data. I can understand if someone would want to hide theirs, though...
- evan
Thanks. Is it a privacy violation? I'll add a flag to hide them if you want to. Ditto Twitter, Facebook accounts.
- evan
Yes, ISTR there's a transform from XRI to URL but I can't remember what it is.
- 0re0
I think, though, that this should be required reading RE #OpenID: http://ur1.ca/9r3ov
All μ.davidhaberthür.ch content and data are available under the