On Mon, Dec 14, 2009 at 09:48:54AM +0100, Chris Obdam wrote:
> I think there are no real privacy issues with this idea? Ok, you know from this
> anonymous user that he or she has an OpenID with XXX, but is that a bad thing?

Yes, it is a bad thing.

1) Privacy. I want to be in control of what information RPs have about me. I see how you think it wouldn't be a big deal for someone to see that I'm logged in to Google and Flickr -- what does that really say about me, you think? Nothing, right? But imagine a group of ideologically similar groups deciding to implement RP+OP to make it easier for like-minded individuals to use all their sites without relying on some mega-OP? I don't want the data-hungry folks at Facebook noticing that I'm logged in to the Greenpeace or National Rifle Association unless I explicitly approve letting Facebook know that.

2) Security. A malicious site could more intelligently target victims if it could ascertain what sites the victim is logged into. There's no need to attempt some online Gmail exploit if the malicious RP can tell that the victim isn't logged in to Google.

I would hope that

A) OPs would give each user control over whether this discovery was enabled for his account (and possibly to whom it was available).

B) Any spec describing this would note that the OP SHOULD give each user the ability to disable this feature for their account and that the default for new users SHOULD be to not provide this information.

BTW, this sounds a lot like what Luke Shepard of Facebook described wanting to add to checkid_immediate:
http://www.sociallipstick.com/2009/04/?y%/lets-detect-logged-in-state/
http://lists.openid.net/pipermail/openid-general/2009-May/018232.html

-Peter
