On Tue, Dec 15, 2009 at 09:40:05AM +0100, Chris Obdam wrote:
> +1 For John :-)

Would you mind clarifying which points you're supporting?

John tells me I misread his post, that his intention was to say that OPs could offer their users some control over this information. I read it as the opposite. I read this as John saying that while OPs could offer protection, such protection wouldn't be worthwhile because there already exists this DOM/JS privacy flaw in current web browsers.

So could you please clarify whether you are saying you agree with John's intended main point, that OPs could (should?) address this with a privacy mechanism (in which case I'm curious whether you think the foundation and spec should require or encourage such mechanisms) *or* whether you think the DOM/JS flaw means OpenID shouldn't worry about user privacy?

Thank you.

-Peter

> On 14 Dec 2009, at 20:32, John Panzer wrote:
>
> > On Mon, Dec 14, 2009 at 11:21 AM, Peter Watkins <[email protected]> wrote:
> > On Mon, Dec 14, 2009 at 09:48:54AM +0100, Chris Obdam wrote:
> >
> > > I think there are no real privacy issues with this idea? Ok, you know from
> > > this anonymous user that he or she has an OpenID with XXX, but is that a
> > > bad thing?
> >
> > Yes, it is a bad thing.
> >
> > 1) Privacy. I want to be in control of what information RPs have about
> > me. I see how you think it wouldn't be a big deal for someone to see that
> > I'm logged in to Google and Flickr -- what does that really say about me,
> > you think? Nothing, right? But imagine a group of ideologically similar
> > groups deciding to implement RP+OP to make it easier for like-minded
> > individuals to use all their sites without relying on some mega-OP? I
> > don't want the data-hungry folks at Facebook noticing that I'm logged
> > in to the Greenpeace or National Rifle Association unless I explicitly
> > approve letting Facebook know that.
> >
> > The OP should be able to opt-in to whatever mechanism is set up. (Note
> > that even today, you may be able to use visited-link color hacks to
> > determine what OPs a user has recently frequented; statistically speaking
> > you can already get the information you're worried about.)
> >
> >
> > 2) Security. A malicious site could more intelligently target victims
> > if it could ascertain what sites the victim is logged into. There's no
> > need to attempt some online Gmail exploit if the malicious RP can tell
> > that the victim isn't logged in to Google.
> >
> > Again, per above, I think this information is probably already available to
> > evil.org, at least statistically speaking.
> >
> >
> > I would hope that
> >
> > A) OPs would give each user control over whether this discovery was enabled
> > for his account (and possibly to whom it was available).
> >
> > B) Any spec describing this would note that the OP SHOULD give each user
> > the ability to disable this feature for their account and that the default
> > for new users SHOULD be to not provide this information.
> >
> > BTW, this sounds a lot like what Luke Shepard of Facebook described wanting
> > to add to checkid_immediate:
> > http://www.sociallipstick.com/2009/04/?y%/lets-detect-logged-in-state/
> > http://lists.openid.net/pipermail/openid-general/2009-May/018232.html

_______________________________________________
specs mailing list
[email protected]
http://lists.openid.net/mailman/listinfo/openid-specs
