Conversation
Notices
-
!identica now shows all my registered OpenID addresses. Somewhat of a privacy violation and they assume they are all valid URLs. forgot XRI
- The Root's Updates repeated this.
-
@duck1123 ain't that the idea of OpenID addresses that they should be as open and visible as possible? And if you got f…
-
Thanks. Is it a privacy violation? I'll add a flag to hide them if you want to. Ditto Twitter, Facebook accounts.
-
Yes, ISTR there's a transform from XRI to URL but I can't remember what it is.
-
@evan Personally, I don't really care, but I can see how some might be upset about having those previously private relations made public.
-
there should be flags for privacy, that's a pretty good idea. exposing all data publically by default may not be the best policy.
-
@lnxwalt140 I was thinking that #OpenID should be as visible as possible. And thus be one of the single ways to sign in everywhere(TM)
Evan Prodromou likes this. -
Understood. Flag forthcoming.
march likes this. -
That's the facebook policy.
-
@habi Your private website or webmail acct could be an OpenID. Not necessarily okay to disseminate it.
-
@lnxwalt140 not necessarily, I agree. But in certain cases desirably. Give feedback on this to Evan, he was asking for …
-
I'm listening, don't worry! It's a best-practice to allow opting out of OpenID display; I've got a fix coming in <1hr.
-
@evan and thinking a wee bit more about it: I really should get to making http://ur1.ca/9r3nu my #OpenID presence/provi…
Evan Prodromou likes this. -
OK, there's a flag on identi.ca now to hide OpenIDs from your profile page. It's in the openid settings panel.
Alberto Oses N. and Joshua Judson Rosen like this. -
Why's that?
-
@laurelrusswurm I think it is more secure than having accounts on fifty different sites.
-
I think, though, that this should be required reading RE #OpenID: http://ur1.ca/9r3ov
-
@evan Thanks for getting on that. Not that I'll use it, but on behalf of the paranoids, I thank you.
-
@habi Take a look at SimpleID. I’ve got an instance running on my site and I’ve switched everything to using it as …
-
that's really public. o.o
-
@evan It's that "all the eggs are in one basket thing" ... when one account gets hacked, all are at risk
-
it doesnt help that most people only use a single password for everything.
-
@laurelrusswurm Unfortunately, that is even more true with fifty independent accounts, b/c people will reuse passwords and secret questions.
-
I like OpenID because I can make sure that the login mechanisms I use are actually decent.
-
I prefer https://browserid.org/ to openid. Neither is gaining traction because google and facebook track you better when you're logged in.
-
But you only have to change your credentials once after you become aware of the situation.
-
@lnxwalt maybe "people" will, but I don't :)
-
@coyo Yes, that's a problem that's part of the problem most people don't understand why not to.
-
@coyo problem made worse when those entrusted with our personal info being more concerned with the appearance of security than real security
-
@coyo Security Questions routinely include "mother's maiden name" which is outrageous, since its a matter of public record.
-
@coyo it's in the publicly available swiss phone book anyways (http://is.gd/hmDy3W), so there's no need to hide my data…
-
@coyo the only way security questions are secure if your answer is actually the answer to a different question #becomescumbersomequickly
-
@evan I know enough to be careful; but knowing what is decent is far more difficult for non-tech folks.
-
@ I've heard OpenID is good, but this thread made me thing Google has something to do with it... is that true?
-
think ;o
-
@laurelrusswurm No, but a Google account (or a Yahoo or Hotmail account) is an OpenID.
-
@laurelrusswurm Also, Wordpress dot come and Typepad accounts are #OpenID s
-
@laurelrusswurm Google uses OpenID but they aren’t directly involved. You can actually host your own OpenID provider,…
-
Google is an OpenID provider, but it didn't invent OpenID.
-
@laurelrusswurm Or another provider that isn’t connected to the big names, such as: https://www.myopenid.com/
-
@zoowar if you have a lot of accounts, that can still be a lot of breaches, even in the short space until you discover it
-
@laurelrusswurm I have to say given recent breaches, I’ve rethought my position and unique userid’s & passwords see…
-
@evan My concern is if Google has access to OpenId data; my thinking is Google knows far too much about all of us already w/o giving more
-
If you use a Google OpenID, yes. If you don't, no.
-
@lnxwalt280 But if you don't use the OpenID aspect to log in elsewhere, I don't think there is a problem. Or is there?
-
@laurelrusswurm No, #OpenID only affects you if you use it.
-
@jpope again, that's something techfolks can do; just not practical for the average bear.
Satipera likes this. -
@jpope A small company is still made up of total strangers to me. Do I trust them?
-
@parlementum that sounds ominous. Is everything okay now?
-
-
@laurelrusswurm I think that google doesn't get access to your data unless your provider is google
-
@laurelrusswurm At one point, @evan and StatusNet Inc. was a total stranger to you… ;)
-
@laurelrusswurm I think eventually, local techfolks will offer #OpenID along with mail, #XMPP, and hopefully #federated #socnet services.
-
@laurelrusswurm I'm actually planning on doing that for family, once I move mail off of fastmail.fm. mail, #XMPP, #OpenID, and more.
-
i cant wait to have my own #vps it's gonna be so much fun!
-
@laurelrusswurm Nothing happened to me personally, but reading of many breaches led me to rethink my strategy.
-
@jpope True; but it was recommended by one I trust. I was a believer in networks of trust before learning about the digital varient :)
-
@laurelrusswurm same with me. ironically @leorockway was the one who pushed me to join, but he never posts anything :)
-
@tekk personal recommendations have their own power. Which is not to say all live humans are trustworthy. Still.
-
I am an average bear and I am going to look into it
-
@whistlewright Sounds smarter than the average bear to me.
-
the average bear doesnt look into anything. they just accept what the news entertainment corporations tell them.
-
@laurelrusswurm Alrighty, understood. ;)
-
That's the point. Providers have usurped openid into their walled gardens.
-
Implementing a provider is not implementing openid.
-
Now, wait a minute. Though they don't announce it as OpenID and often restrict to just a few providers, lots of sites using #OpenID logins.
-
It is true that they are misusing what should be site-independent logins, but they are using #OpenID behind the curtains.
-
The only site I use that supported "unbiased" openid is Hacker News. They ditched it a month back. http://ur1.ca/9r6pq
-
I also wish the sites that do use it supported user@site syntax along with url syntax.
-
@habi Concern is less that "someone can breach [my] account" but Google already has far too much information about me; that would give more
-
@habi My concern about Google's reach and control of private information was nebulous until it extrorted my cell phone #
All Identi.ca content and data are available under the