> Those who expect OAuth to be a panacea for identity theft on Twitter > simply don't understand the issues involved. Operating a modern > computer involves a lot of trust - trusting applications you run on > your machine, trusting web sites you set up accounts on, and the like. > And when you trust, there's always the potential for getting burned. > OAuth doesn't change that fundamentally.
I agree completely with your post, Ed. I put forward my thoughts on OAuth and phishing in April last year: http://log.lachstock.com.au/past/2008/4/1/phishing-fools/ Basically, I think OAuth is awesome, but the idea that it's going to somehow stop phishing is extreme. Lachlan Hardy
