Mozilla Privacy Security The Internet

Mozilla: Unlike FB and Twitter Single Sign-in, Persona Protects User Privacy

tsamsoniw writes "Mozilla today unveiled Persona Beta 2, the newest edition of the organization's open authentication system. The release includes Identity Bridging, which lets users sign in to Persona-supported sites using their existing webmail accounts, starting with Yahoo. Mozilla used the release as an opportunity to bash social sign-in offerings from Facebook and Twitter, which 'conflate the act of signing into a website with sharing access to your social network, and often granting the site permission to publish on your behalf,' said Lloyd Hilaiel, technical lead for Mozilla Persona. He added that they are built in such a way that social providers have full visibility into a user's browsing behavior."
This discussion has been archived. No new comments can be posted.

  • Not google? (Score:5, Insightful)

    by geek ( 5680 ) on Tuesday April 09, 2013 @06:05PM (#43406815)

    So Mozilla took a jab at Facebook and Twitter but left Google alone? Is this because they take money from Google?

  • by Anonymous Coward on Tuesday April 09, 2013 @06:10PM (#43406863)

    Not always true. Facebook, Yahoo, Microsoft, Google and the like are for-profit companies that rely on advertisements and social graphs or referrals to generate revenue, which they need constantly more of. Got to keep those stock prices high!

    Mozilla is a not for profit. They generate revenue with donations and a start page that links to Google. They don't care what you do on the web unless it causes their product to fail.

    Mozilla is probably the only group you can trust for authorization, as they don't consider you a revenue model.

  • by Teun ( 17872 ) on Tuesday April 09, 2013 @06:15PM (#43406909)
    Although total net privacy is these days nigh-impossible, attempting to spread or fragment your presence over many different systems might help some way, at least it's better than throwing all in the lap of a single vendor like Google, MS or God forbid, FB.

    I am fortunate to be with a very privacy and security focussed ISP (xs4all.nl) and keep my mail addresses with them because of my dislike of harvesting by the 'free' mail providers.

    It is not that I try to hide at every expense, like I use my real name on Usenet, but I'm surely not going to make it easy on the harvesters.

  • by fustakrakich ( 1673220 ) on Tuesday April 09, 2013 @06:18PM (#43406941) Journal

    Mozilla is a not for profit.

    Don't be so sure [mozilla.org]. Mozilla is the pipeline... Why else would Google 'value' them so much?
    Hyman Roth always makes money for his partners.

  • by Anonymous Coward on Tuesday April 09, 2013 @06:20PM (#43406959)

    I do not want to sign in. I don't want content personalized to me. I want to see what everybody else sees. Stop hiding stuff from me based on what you think I want to see. And let's not mince words here: You're not creating content for me. You're showing me stuff which already exists and was not tailor-made for me. You're "customizing my experience" by hiding stuff from me. Stop that. I will not sign in.

  • Re:Not google? (Score:3, Insightful)

    by AnyoneEB ( 574727 ) on Tuesday April 09, 2013 @06:50PM (#43407183) Homepage

    Wikipedia's article on Mozilla Persona [wikipedia.org] (which links to "How BrowserID differs from OpenID" [mozilla.com]) clarifies that. While the site you are authenticating to gets the same information it would get via OpenID, the authentication provider doesn't know what sites you are using. Due to the indirection of storing the cryptographic credentials in the browser, the OpenID provider doesn't need to be contacted for every login and therefore doesn't know what sites you are logging into.

    This is related to the design of Persona being browser-based instead of web-based, which also provides additional security (harder to fake a password entry box if it's normally generated by the browser).
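The indirection AnyoneEB describes is easiest to see in code. The Go program below is an added example, not Mozilla's code or the BrowserID implementation: it models the three parties with a simplified certificate-plus-assertion chain, using Ed25519 and plain JSON structs in place of the real protocol's signed tokens and key types. The IdP domain, the address alice@idp.example.test and the two site origins are constructed. The IdP signs a certificate once; the browser then signs a per-site assertion offline; the relying party verifies both using only the IdP's public key and never calls the IdP. The `Issued` counter shows the IdP was contacted once for two logins, and the audience check shows why an assertion minted for one site is rejected by another.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// Certificate is signed by the IdP: it binds an e-mail address to a public key
// whose private half never leaves the user's browser. Expiry is Unix seconds.
type Certificate struct {
	Email     string `json:"email"`
	PublicKey []byte `json:"pubkey"`
	Expires   int64  `json:"exp"`
}

// Assertion is signed by the browser for one site; the IdP never sees the audience.
type Assertion struct {
	Audience string `json:"aud"`
	Expires  int64  `json:"exp"`
}

// Signed is a JSON payload plus an Ed25519 signature; BackedAssertion is what the site receives.
type Signed struct{ Payload, Sig []byte }
type BackedAssertion struct{ Cert, Assertion Signed }

// IdP models the identity provider. Issued counts how often browsers contact it.
type IdP struct {
	Pub    ed25519.PublicKey
	priv   ed25519.PrivateKey
	Issued int
}

func NewIdP() (*IdP, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	return &IdP{Pub: pub, priv: priv}, err
}

// IssueCertificate is the only IdP interaction: once per key lifetime (24h
// here), not once per site login.
func (i *IdP) IssueCertificate(email string, browserPub ed25519.PublicKey, now time.Time) Signed {
	i.Issued++
	payload, _ := json.Marshal(Certificate{email, browserPub, now.Add(24 * time.Hour).Unix()})
	return Signed{payload, ed25519.Sign(i.priv, payload)}
}

// Browser holds the user's key pair and the certificate it fetched once.
type Browser struct {
	priv ed25519.PrivateKey
	cert Signed
}

// NewBrowser generates the key pair and provisions the certificate from the IdP.
func NewBrowser(email string, idp *IdP, now time.Time) (*Browser, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Browser{priv: priv, cert: idp.IssueCertificate(email, pub, now)}, nil
}

// Login signs a two-minute assertion for one audience, entirely offline.
func (b *Browser) Login(audience string, now time.Time) BackedAssertion {
	payload, _ := json.Marshal(Assertion{audience, now.Add(2 * time.Minute).Unix()})
	return BackedAssertion{b.cert, Signed{payload, ed25519.Sign(b.priv, payload)}}
}

// VerifyBackedAssertion is the relying party's check. It needs only the IdP's
// public key, so it does not contact the IdP either; it returns the e-mail.
func VerifyBackedAssertion(ba BackedAssertion, audience string, idpPub ed25519.PublicKey, now time.Time) (string, error) {
	var cert Certificate
	if !ed25519.Verify(idpPub, ba.Cert.Payload, ba.Cert.Sig) || json.Unmarshal(ba.Cert.Payload, &cert) != nil ||
		now.Unix() > cert.Expires {
		return "", errors.New("certificate invalid, not from the expected IdP, or expired")
	}
	var a Assertion
	if len(cert.PublicKey) != ed25519.PublicKeySize || // Verify panics on a wrong-length key
		!ed25519.Verify(ed25519.PublicKey(cert.PublicKey), ba.Assertion.Payload, ba.Assertion.Sig) ||
		json.Unmarshal(ba.Assertion.Payload, &a) != nil || now.Unix() > a.Expires {
		return "", errors.New("assertion not signed by the certified key, or expired")
	}
	if a.Audience != audience {
		return "", fmt.Errorf("assertion for %q presented to %q", a.Audience, audience)
	}
	return cert.Email, nil
}

func main() {
	idp, _ := NewIdP()
	now := time.Now()
	b, _ := NewBrowser("alice@idp.example.test", idp, now) // constructed address
	for _, site := range []string{"https://shop.example.test", "https://forum.example.test"} {
		email, err := VerifyBackedAssertion(b.Login(site, now), site, idp.Pub, now)
		fmt.Println(site, "->", email, err)
	}
	fmt.Println("IdP contacted", idp.Issued, "time(s) for 2 logins")
}
```

The audience binding is what keeps the design honest: a site cannot take the assertion it received and replay it elsewhere, and the IdP learns nothing about the sites because it only ever signs a key, not a visit.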

  • by Anonymous Coward on Tuesday April 09, 2013 @10:21PM (#43408481)

    Because they value all platforms that improve the web.

    It doesn't affect Mozilla's autonomy.

  • by unrtst ( 777550 ) on Wednesday April 10, 2013 @07:17AM (#43410639)

    The year is 2013. The developed world, and much of the developing world, is now comfortable with computers and can very easily understand and work with something like... oh, I don't know... a password manager. I've seen 8 year olds and 80 year olds pick up KeePass in nothing flat.

    If you go with the password manager route (or just memorize them), every site will SEE the username and password for itself. This means that every site must implement all the password and account management things securely (ex. password reset). This includes system security as well.

    If one uses single sign-on, the participating sites never see the password (in most implementations).

    So, the upshot is that you don't end up with a bunch of bit players trying to re-invent the wheel badly, each being an authentication breach waiting to happen. Add to that the fact that many users re-use the same password at multiple sites, and the situation looks worse.

    The downside is that, if someone gets your single sign-on account information, then they get access to all your sites. The same is true if they get your keepass db and password, but that's not a service that runs somewhere else.

    I think one of the most confusing bits about single sign-on is the end user perception on how it's sold... the "you only need to remember one account" is often the first selling point that is pushed. That's really just a side effect. The "no site ever has access to your password" is the bigger selling point, but it's too confusing to explain how that works, and people don't really care.

    It's trivial to remove the "authenticate once, single sign-on, and when you visit another participating site you don't have to login again" part. For example, see section 2.1.1 of the Jasig CAS protocol (http://www.jasig.org/cas/protocol),

    renew [OPTIONAL] - if this parameter is set, single sign-on will be bypassed. In this case, CAS will require the client to present credentials regardless of the existence of a single sign-on session with CAS.

    When that is set, the CAS IdP does not automatically redirect you back to the original site. It will not re-use the established SSO session. It will prompt for login again. This could easily be set on the user's profile, or globally on the IdP. You'd then still have the benefit that each participating site would never see your credentials, but it would prevent sites from automatically logging you in. You could also use this to enter different credentials (i.e. more than one account on the CAS IdP), so you could still have multiple accounts, and the sites would be none the wiser.

    All that said, I'm personally comfortable with maintaining a separate username and password for every service I use, and still prefer it. Besides, the scary part isn't that some site could get the password I use for them, but that some site could be storing a bunch of information about me and I don't want that to get leaked (like Vudu's recent thing, where they got hacked and leaked the last 4 digits of users' credit cards - the first 4 - 8 digits identify the type of card, the bank, and the branch office where the account was opened, so they're not that difficult to guess; the last 4 are the most unique part of your CC#, so it sucks that it's common practice to print that on all receipts and store it everywhere).
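As an added illustration of the `renew` behaviour quoted above from section 2.1.1 of the CAS protocol (example code, not Jasig's implementation), the Go program below models a minimal CAS IdP: a `/login` handler that honours an existing single sign-on session unless `renew` is present, in which case it demands credentials again. The per-profile switch (`userRenew`) and the IdP-wide switch (`GlobalRenew`) are the hypothetical settings the comment proposes; the CAS specification defines only the request parameter. The hostnames, user names and passwords are constructed, and ticket identifiers are sequential for readability where a real CAS would use random values.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
	"net/url"
)

// Credentials is what the CAS login form submits.
type Credentials struct{ User, Password string }

// Outcome of one /login request: Prompted means the form was shown; Redirect, if set, carries a service ticket.
type Outcome struct {
	Prompted bool
	Redirect string
}

// Server is a toy CAS IdP: SHA-256 password digests (constructed), SSO sessions
// keyed by ticket-granting cookie, and the two hypothetical "always renew" switches.
type Server struct {
	passwords   map[string][32]byte
	sessions    map[string]string // TGC -> user
	userRenew   map[string]bool   // per-profile preference (hypothetical)
	GlobalRenew bool              // IdP-wide preference (hypothetical)
	next        int
}

func NewServer() *Server {
	s := &Server{passwords: map[string][32]byte{}, sessions: map[string]string{}, userRenew: map[string]bool{}}
	s.passwords["alice"] = sha256.Sum256([]byte("correct horse")) // constructed test users
	s.passwords["bob"] = sha256.Sum256([]byte("battery staple"))
	s.userRenew["bob"] = true // bob opted out of automatic sign-in
	return s
}

// LoginURL builds the redirect a CAS client sends the browser to. renew=true is
// the section 2.1.1 parameter quoted above.
func LoginURL(casBase, service string, renew bool) string {
	q := url.Values{"service": {service}}
	if renew {
		q.Set("renew", "true")
	}
	return casBase + "/login?" + q.Encode()
}

// Login handles /login. tgc is the browser's ticket-granting cookie ("" if none);
// creds is nil unless the form was submitted. Returns the outcome and the cookie to keep.
func (s *Server) Login(loginURL, tgc string, creds *Credentials) (Outcome, string, error) {
	u, err := url.Parse(loginURL)
	if err != nil {
		return Outcome{}, tgc, err
	}
	service, err := url.Parse(u.Query().Get("service"))
	if err != nil || service.Host == "" {
		return Outcome{}, tgc, errors.New("missing or invalid service parameter")
	}
	renew := u.Query().Get("renew") != "" || s.GlobalRenew
	user, hasSSO := s.sessions[tgc]
	if hasSSO && s.userRenew[user] {
		renew = true
	}
	// Ordinary SSO: an existing session is honoured without a prompt.
	if hasSSO && !renew {
		return Outcome{Redirect: s.ticketFor(service)}, tgc, nil
	}
	// renew set (or no session): credentials are required this time.
	if creds == nil {
		return Outcome{Prompted: true}, tgc, nil
	}
	want, known := s.passwords[creds.User]
	got := sha256.Sum256([]byte(creds.Password))
	if !known || subtle.ConstantTimeCompare(want[:], got[:]) != 1 {
		return Outcome{Prompted: true}, tgc, errors.New("invalid credentials")
	}
	s.next++
	newTGC := fmt.Sprintf("TGC-%d", s.next) // a real CAS uses a random, unguessable value
	s.sessions[newTGC] = creds.User         // may be a different account than the old session
	return Outcome{Prompted: true, Redirect: s.ticketFor(service)}, newTGC, nil
}

func (s *Server) ticketFor(service *url.URL) string {
	s.next++
	q := service.Query()
	q.Set("ticket", fmt.Sprintf("ST-%d", s.next))
	service.RawQuery = q.Encode()
	return service.String()
}

func main() {
	s, cas := NewServer(), "https://cas.example.test" // constructed IdP address
	out, tgc, _ := s.Login(LoginURL(cas, "https://wiki.example.test/", false), "", &Credentials{"alice", "correct horse"})
	fmt.Println("first login:", out, tgc)
	out, _, _ = s.Login(LoginURL(cas, "https://mail.example.test/", false), tgc, nil)
	fmt.Println("plain SSO:  ", out)
	out, _, _ = s.Login(LoginURL(cas, "https://mail.example.test/", true), tgc, nil)
	fmt.Println("renew=true: ", out)
}
```

Either switch gives the trade the comment describes: the participating sites still never see a password, but none of them can log the user in silently, and a fresh prompt is the moment at which a second account on the same IdP can be chosen.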
