!identica now shows all my registered OpenID addresses. Somewhat of a privacy violation and they assume they are all valid URLs. forgot XRI
@habi Your private website or webmail acct could be an OpenID. Not necessarily okay to disseminate it.
I'm listening, don't worry! It's a best-practice to allow opting out of OpenID display; I've got a fix coming in <1hr.
@evan I'm all for it, especially since I really think that everyone and their siblings should use #OpenID for all login purposes. And not give in to the all-too-ubiquitous "Log in with Facebook" and "Log in with Twitter".
@evan It's that "all the eggs are in one basket thing" ... when one account gets hacked, all are at risk
It doesn't help that most people only use a single password for everything.
@coyo Yes, that's a problem that's part of the problem most people don't understand why not to.
@coyo problem made worse when those entrusted with our personal info are more concerned with the appearance of security than real security
@coyo Security Questions routinely include "mother's maiden name" which is outrageous, since it's a matter of public record.
I like OpenID because I can make sure that the login mechanisms I use are actually decent.
@evan I know enough to be careful; but knowing what is decent is far more difficult for non-tech folks.
@ I've heard OpenID is good, but this thread made me think Google has something to do with it... is that true?
Google is an OpenID provider, but it didn't invent OpenID.
@evan My concern is if Google has access to OpenID data; my thinking is Google knows far too much about all of us already w/o giving more
If you use a Google OpenID, yes. If you don't, no.
But you only have to change your credentials once after you become aware of the situation.
@zoowar if you have a lot of accounts, that can still be a lot of breaches, even in the short space until you discover it
@laurelrusswurm I think it is more secure than having accounts on fifty different sites.
I prefer https://browserid.org/ to OpenID. Neither is gaining traction because Google and Facebook track you better when you're logged in.
That's the point. Providers have usurped OpenID into their walled gardens.
Implementing a provider is not implementing OpenID.
Now, wait a minute. Though they don't announce it as OpenID and often restrict to just a few providers, lots of sites are using #OpenID logins.
It is true that they are misusing what should be site-independent logins, but they are using #OpenID behind the curtains.
@habi Take a look at SimpleID. I’ve got an instance running on my site and I’ve switched everything to using it as my OpenID provider. It rocks. :)
that's really public. o.o
Thanks. Is it a privacy violation? I'll add a flag to hide them if you want to. Ditto Twitter, Facebook accounts.
Yes, ISTR there's a transform from XRI to URL but I can't remember what it is.
@evan Personally, I don't really care, but I can see how some might be upset about having those previously private relations made public.
There should be flags for privacy, that's a pretty good idea. Exposing all data publicly by default may not be the best policy.
That's the Facebook policy.
Understood. Flag forthcoming.
OK, there's a flag on identi.ca now to hide OpenIDs from your profile page. It's in the openid settings panel.
@evan Thanks for getting on that. Not that I'll use it, but on behalf of the paranoids, I thank you.