Forgot your password?
typodupeerror
Mozilla Privacy Security The Internet

Mozilla: Unlike FB and Twitter Single Sign-in, Persona Protects User Privacy 81

Posted by Soulskill
from the and-it-has-fiber-and-calcium-and-zero-carbs dept.
tsamsoniw writes "Mozilla today unveiled Persona Beta 2, the newest edition of the organization's open authentication system. The release includes Identity Bridging, which lets user sign in to Persona-supported sites using their existing webmail accounts, starting with Yahoo. Mozilla used the release as an opportunity to bash social sign-in offerings from Facebook and Twitter, which 'conflate the act of signing into a website with sharing access to your social network, and often granting the site permission to publish on your behalf,' said Lloyd Hilaiel, technical lead for Mozilla Persona. He added that they are built in such a way that social providers have full visibility into a user's browsing behavior."
This discussion has been archived. No new comments can be posted.

Mozilla: Unlike FB and Twitter Single Sign-in, Persona Protects User Privacy

Comments Filter:
  • You've gone incognito. Pages you view in this window won't appear in your browser history or search history, and they won't leave other traces, like cookies, on your computer after you close all open incognito windows. Any files you download or bookmarks you create will be preserved, however.
    • by The MAZZTer (911996) <megazzt.gmail@com> on Tuesday April 09, 2013 @06:06PM (#43406823) Homepage
      I think you missed the point. Persona is to allow a website to add a sign in feature for users who WANT to sign in.. for example, to save their preferences for the site or have an identity... without the hassle of having users create an account just for your site. The idea definitely isn't new, this is just Mozilla's own take on it.
    • by Misagon (1135) on Tuesday April 09, 2013 @06:48PM (#43407171)

      The biggest thing I have against single-sign-on is that I need different levels of security for different sites, and I want to keep the sites compartmentalised from each other.
      For instance, I want high security for my email account and access it only from computers/devices that I have control over.
      However, I have private playlists on Youtube that I may want to show to a friend, on a third guy's (two degrees of separation) computer. I don't want to have to be afraid of logging into Youtube on that machine because that computer would also get access to my email.

      When I am on my trusted home computer, having different accounts for different things can get cumbersome with those sites that force single-sign-on on you!
      Yes, while I could use the Incognito mode in Chromium to separate my logins -- it does only separate [i]two[/i] sites, and I would have to login each time I need a new window in incognito mode.
      It would be much more convenient if I could have different "realms" or "personas", where I could browse each site in its own realm.

      • by Lennie (16154)

        Persona == email address.

        So create multiple email addresses, they are free.

      • by jalopezp (2622345)
        You can have as many profiles on your browser as you want. They will each keep separate logins. Each profile is stored in ~/.config/chromium.
    • Didn't Firefox just get shat on because it turns out that incognito and clearing histories etc doesn't actually remove everything? People were very surprised when files from years ago popped up into their download history again, and previously opened tabs etc etc etc.

  • Not google? (Score:5, Insightful)

    by geek (5680) on Tuesday April 09, 2013 @06:05PM (#43406815) Homepage

    So Mozilla took a jab at Facebook and Twitter but left Google alone? Is this because they take money from Google?

    • Re:Not google? (Score:4, Informative)

      by Anonymous Coward on Tuesday April 09, 2013 @06:13PM (#43406897)
      Google's sign-in is OpenID based and is explicit about what access you are granting to the website (usually just that they get to know your Google ID which is also your e-mail address). I guess if you have an associated G+ account then the website would be able to look at your public G+ posts/friends, but It's not comparable to Facebook letting apps post items to your newsfeed or even looking at your information marked as private (for Facebook applications).
      • Google's sign-in is OpenID based and is explicit about what access you are granting to the website (usually just that they get to know your Google ID which is also your e-mail address).

        If mozilla's personas system also exposes your email address, or some other id that is unique across multiple websites, then it is no better than OpenID.

        So, either personas have better privacy than OpenID, and thus google's system deserves bashing too --- or personas are no better than OpenID and so I have to ask, why bother re-inventing the wheel?

        • Re: (Score:3, Insightful)

          by AnyoneEB (574727)

          Wikipedia's article on Mozilla Persona [wikipedia.org] (which links to "How BrowserID differs from OpenID" [mozilla.com]) clarifies that. While the site you are authenticating to gets the same information it would get via OpenID, the authentication provider doesn't know what sites you are using. Due to the indirection of storing the cryptographic credentials in the browser, the OpenID provider doesn't need to be contacted for every login and therefore doesn't know what sites you are logging into.

          This is related to the design of Persona

          • Re:Not google? (Score:5, Interesting)

            by Jah-Wren Ryel (80510) on Tuesday April 09, 2013 @07:39PM (#43407515)

            So, if I am reading that right, personas do not directly leak every login to a central database. But, it does use the same id across different websites so if the website used a service to cross-reference ids with other websites the net result would be the same.

            Given the massive proliferation of trackers that we already have, I think we would quickly see them include persona id tracking too.

            • by paulkoan (769542)

              It would be fairly straightforward to have a single login authentication method that exposed a unique id to each login destination. That would eliminate cross-referencing.

              • It would be fairly straightforward to have a single login authentication method that exposed a unique id to each login destination. That would eliminate cross-referencing.

                If it wasn't based on your email address, it might be feasible for a firefox add-on to pregenerate a couple of hundred persona ids and then automagically assign them to each individual website that has a login. But, my guess is that the email address requirement makes that effectively impossible except for people who own their own domains.

                • by Chrisq (894406)

                  It would be fairly straightforward to have a single login authentication method that exposed a unique id to each login destination. That would eliminate cross-referencing.

                  If it wasn't based on your email address, it might be feasible for a firefox add-on to pregenerate a couple of hundred persona ids and then automagically assign them to each individual website that has a login. But, my guess is that the email address requirement makes that effectively impossible except for people who own their own domains.

                  Why impossible? probabilistic encryption [wikipedia.org] schemes could easily generate any number of unique IDs which are bound to your email address

            • by Lennie (16154)

              When you sign up to websites you usually use have to supply an email address.

              If only for password recovery.

              They can already use that to cross-reference ids from users over multiple sites.

              That is why Mozilla Persona uses email addresses, it's clearly an identity (unlike for example OpenID where are website/webpage is your identity). And you already needed an email address anyway.

              Lots of people already have multiple identities: email address for work and one for home.

              And you can create new identities for free

              • When you sign up to websites you usually use have to supply an email address.

                That's what mailinator is for.

                That is why Mozilla Persona uses email addresses, it's clearly an identity (unlike for example OpenID where are website/webpage is your identity). And you already needed an email address anyway.

                I read that same line of reasoning too. It is flawed. There is little to no value in having the SAME identity across multiple websites. But it is infeasible for most people to have a unique email address for each website.

                And you can create new identities for free, there are lots of free email providers.

                Free is a relative term, creating a new email account for each website is a hassle. Computer systems should make things easier, not require extra hassle.

                • by MattJD (1020453)

                  Except that mailinator could in theory implement an identity provider for its email addresses. There would be no security, but they could. Realistically it would be no worse then using mailinator now.

                  And most people have one email, and use it everywhere. This specification doesn't decrease their privacy because of that. If you are not already using multiple email addresses, you lose nothing by using browserid.

                  • And most people have one email, and use it everywhere. This specification doesn't decrease their privacy because of that. If you are not already using multiple email addresses, you lose nothing by using browserid.

                    That is circular reasoning. If a goal of browserid is to increase the user's security, this system does not achieve that, it only maintains the status quo.

                    • by MattJD (1020453)

                      And most people have one email, and use it everywhere. This specification doesn't decrease their privacy because of that. If you are not already using multiple email addresses, you lose nothing by using browserid.

                      That is circular reasoning. If a goal of browserid is to increase the user's security, this system does not achieve that, it only maintains the status quo.

                      The goal of BrowserID isn't to reduce user tracking across sites. Its goal is to reduce the use of passwords, something it does pretty well. The objection to it was that it requires the site to know your email address, but most sites know this anyways. So privacy is not diminished, however the use of passwords (which most people don't handle well) is dramatically reduced. So yes, it improves security.

                      And just to add another point, if you own a domain and use a catch-all for multiple email addresses, no

                    • The objection to it was that it requires the site to know your email address, but most sites know this anyways.

                      No, my objection is that it provides a unique id across multiple websites. An id that will be used for tracking purposes. The fact that the unique id is an email address is really irrelevant.

                      The goal of BrowserID isn't to reduce user tracking across sites. Its goal is to reduce the use of passwords, something it does pretty well.

                      By that requirement, there is no functional improvement. It does it just as well as centralized single-sign on like openid/facebook/googleplus. Maybe even worse since the credentials are stored in the browser, making it difficult to sit down at friend's computer and use it to log in.

                    • by MattJD (1020453)

                      The objection to it was that it requires the site to know your email address, but most sites know this anyways.

                      No, my objection is that it provides a unique id across multiple websites. An id that will be used for tracking purposes. The fact that the unique id is an email address is really irrelevant.

                      Except that it is not irrelevant. Websites already have your email address, and in most of the cases it is a pretty good identifier of the person. Most people I know have only one main email they use, the only exception being work emails. None of them use multiple emails to avoid tracking. And guess what most websites use as your identifier? Your email address. The fact BrowserID standardized on it doesn't reduce privacy for most people, and for those who care there are easy workarounds (regardless if

                    • Except that it is not irrelevant.

                      Come on, don't try to put words in my mouth. It is MY OBJECTION and I don't care that it is based on email. OK? What I am objecting to is the fact that it uses a unique ID across multiple websites. THAT IS THE OBJECTION.

                      It improves upon those systems in one way, the authentication source never knows where the person signed into.

                      That is a benefit so small as to be meaningless. If anything this makes the situation worse because instead of just one company tracking you across all those logins now you have a unique id that any tracker can key off.

                      The fact BrowserID standardized on it doesn't reduce privacy for most people,

                      However it does not significantly INCREASE privacy for most people e

                    • by MattJD (1020453)

                      Come on, don't try to put words in my mouth. It is MY OBJECTION and I don't care that it is based on email. OK? What I am objecting to is the fact that it uses a unique ID across multiple websites. THAT IS THE OBJECTION.

                      I'm not putting words into your mouth, I'm saying nothing has changed. How many websites don't track your email address? And how many people change their email address across websites? If you change the email, then you have no change in your privacy level. If you don't, then your privacy stays the same too. Nothing changes.

                      It improves upon those systems in one way, the authentication source never knows where the person signed into.

                      That is a benefit so small as to be meaningless. If anything this makes the situation worse because instead of just one company tracking you across all those logins now you have a unique id that any tracker can key off.

                      If you are so worried about being tracked, it should be important. BrowserID stops one company from tracking you across every website you login too just by having you use their serv

                    • I'm not putting words into your mouth, I'm saying nothing has changed.

                      Nothing has changed == irrelevant.

                      Your problem is you are cherry picking from the three current systems - email verification, openid, and facebook/googleplus-style logins. Each of them has drawbacks. You keep shifting your argument based on the particular drawback to say that browserid is better, the problem is browserid does not eliminate any of those drawbacks, it just shuffles them around.

                      You: Eliminates multiple passwords
                      Me: So does facebook/googleplus and openid

                      You: Just as vulnerable to tracking by

                    • by MattJD (1020453)

                      Now you are just cherry-picking my quotes. The tracking ability of independent websites co-operating has not changed. And realistically, as long as you identify yourself the same way across sites, this won't change. If you change your identity (Facebook/G+/OpenID/Email/etc), then they can't track you (according to our discussion of tracking). BrowserID can't change that. Even if BrowserID sent a unique ID to each website, each website would then require an email address anyways. Guess what? You are b

                    • You lose the multiple passwords, which is the real security benefit. This is the claimed benefit. And it is successful.

                      Low hanging fruit right there:

                      https://blog.mozilla.org/beyond-the-code/2013/04/09/persona-beta2/ [mozilla.org]

                      Persona: more privacy, better security while making developers and users happy!

                      More security is not THE claimed benefit, it is only A claimed benefit.

                      That's not the first time you under-represented the claims:

                      It's not about increasing privacy. It's about increasing security by killing extra passwords.

                      This entire sub-thread which I started is not about increasing security, despite your constant efforts to muddy the waters.

                    • by MattJD (1020453)
                      I'll give you the blog post. I've always read the project as being the security first, and privacy as the tack on to "sell it." My focusing on security came from that stance. I'll move that goal post then. If you want to ignore the security aspect, then Personas loses its (IMO) big benefit. But it doesn't become a privacy nightmare either. The key to remember is websites already have emails (many using them as the login id anyways), so BrowserID keying off that isn't a direct problem. Its decentraliz
                    • But it doesn't become a privacy nightmare either.

                      You are correct. The situation ALREADY IS a privacy nightmare. Browserid does essentially nothing to improve it. Which was the entire point of my objection from the first post.

        • by jalopezp (2622345)
          But that's true of literally any single login scheme. It's better in the sense that no-one gets to store all the places you've logged into and all the sites you visit afterwards.
      • Re:Not google? (Score:4, Interesting)

        by styrotech (136124) on Tuesday April 09, 2013 @09:53PM (#43408335)

        usually just that they get to know your Google ID which is also your e-mail address

        It's actually more private than that. Without knowing all the nitty gritty details - if an app follows Google's process for signing up users, that user gets a unique OpenID specific to that app via a common 'discovery' url.

        That way all the apps you sign up for can't really connect you with anything else.

        It is a slight pain for open standards though - Google is making it much harder to know what your standard OpenID actually is.

    • by Frankie70 (803801)

      Mozilla took a jab at Facebook and Twitter on behalf of Google.

    • It's because no one uses the Google+ sign-in yet. Google has barely started phasing out the normal Google sign-in in favor of their Google+ sign-in [blogspot.com].

      Two key innovations introduced by the new Google+ sign-in over its predecessor, the plain Google sign-in. It's no longer compatible with an open standard like OpenID, it now uses its own proprietary standard. Plus, it exports everything plus the kitchen sink when signing-in into a web site (assuming you give it the permission to).

      Still, I prefer the Google+ sign

  • by Teun (17872) on Tuesday April 09, 2013 @06:15PM (#43406909) Homepage
    Although total net privacy is these days nigh-impossible, attempting to spread or fragment your presence over many different systems might help some way, at least it's better than throwing all in the lap of a single vendor like Google, MS or God forbid, FB.

    I am fortunate to be with a very privacy and security focussed ISP (xs4all.nl) and keep my mail addresses with them because of my dislike of harvesting by the 'free' mail providers.

    It is not that I try to hide at every expense, like I use my real name on Usenet, but I'm surely not going to make it easy on the harvesters.

    • XS4ALL sucks. Their spokesperson thinks Apple spells SECURITY.

      • by Teun (17872)
        And their techs run most core applications on Linux.

        I had not heard such from their spokesperson but at least he/she understands it's not Windows.

  • by Anonymous Coward on Tuesday April 09, 2013 @06:20PM (#43406959)

    I do not want to sign in. I don't want content personalized to me. I want to see what everybody else sees. Stop hiding stuff from me based on what you think I want to see. And let's not mince words here: You're not creating content for me. You're showing me stuff which already exists and was not tailor-made for me. You're "customizing my experience" by hiding stuff from me. Stop that. I will not sign in.

  • "they are built in such a way that social providers have full visibility into a user's browsing behavior".
    And that is exactly why they are popular with web sites.

    • by gbjbaanb (229885)

      step 1: embrace the social networks desires and give them full access to your details for, umm, "personalisation" reasons while also allowing the networks to claim better privacy.

      step 2: enhance the social networks privacy settings to allow a single user to present multiple 'views' of himself to the networks users whilst still allowing the network to see a single person for, umm, "personalisation" reasons.

      step 3: extinguish the pretend privacy offered by the social network by further enhancing the user deta

  • How does that compare to SAML?
  • I still don't like Mozilla's Persona. For a system meant to be distributed and open, it sure relies a lot on Mozilla services. I like the idea of BrowserID (the underlying specification to Persona), I just really dislike how everyone has to rely on Mozilla to use Persona.
    • by dveditz (11090)

      Mozilla isn't too keen on that, either: we're quite serious about wanting this to be a distributed system. Announcing Yahoo as an Identity Provider is an important step toward that. Another important step will be native navigator.id support in the browser so sites don't need to load the polyfill from persona.org.

Put no trust in cryptic comments.

Working...