Mozilla: Unlike FB and Twitter Single Sign-in, Persona Protects User Privacy 81
tsamsoniw writes "Mozilla today unveiled Persona Beta 2, the newest edition of the organization's open authentication system. The release includes Identity Bridging, which lets user sign in to Persona-supported sites using their existing webmail accounts, starting with Yahoo. Mozilla used the release as an opportunity to bash social sign-in offerings from Facebook and Twitter, which 'conflate the act of signing into a website with sharing access to your social network, and often granting the site permission to publish on your behalf,' said Lloyd Hilaiel, technical lead for Mozilla Persona. He added that they are built in such a way that social providers have full visibility into a user's browsing behavior."
Re:User Privacy (Score:5, Funny)
you guys still believe in this myth?
Asolutely, Mr. Elsgarth J. Finchlipp; 8871 W. Blortmann Terrace; Bleemington, VT, 01010; who recently read the Guardian, New York Times and Scotts Valley Patch, via Google News and purchased Lime Bagels with Soy Cheese at Eugor's Coffee Shoppe and Tea Room.
Re: This just in... (Score:3, Insightful)
Not always true. Facebook, yahoo, microsoft, google and the like are for profit companies that rely on advertisements and social graphs or referrals to generate revenue, which they need constantly more of. Got to keep those stock prices high!
Mozilla is a not for profit. They generate revenue with donations and a start page that links to Google. They don't care what you do on the web unless it causes their product to fail.
Mozilla is probably the only group you can trust for authorization, as they don't consi
Re: (Score:3, Insightful)
Mozilla is a not for profit.
Don't be so sure [mozilla.org]. Mozilla is the pipeline... Why else would Google 'value' them so much?
Hyman Roth always makes money for his partners.
Re: (Score:2, Insightful)
Because they value all platforms that improve the web.
It doesn't affect Mozilla's autonomy.
Re: (Score:2, Troll)
Not always true. Facebook, yahoo, microsoft, google and the like are for profit companies that rely on advertisements and social graphs or referrals to generate revenue, which they need constantly more of.
Who are those advertisements for? You. Who's in those social graphs? You. Who's the name on those referrals? You.
Re: (Score:2)
Linux is free. How are we the product in that situation?
Re: (Score:2)
Re:This just in... (Score:4, Informative)
When you understand what Persona is, call me and we'll talk. Until then, stop taking things out of context... it makes you look retarded.
Hint: Personal is a decentralised system/protocol implemented using open source code. Anybody can set up an identity provider, and Mozilla will have no connection to it. In terms of the rest us being users vs being products it is far closer to Linux than your "web based services" (eg Facebook or Twitter).
Re: (Score:3)
Menu - New incognito window (Ctrl+Shift+N) (Score:1)
Re:Menu - New incognito window (Ctrl+Shift+N) (Score:5, Informative)
I'd rather have multiple authentication realms (Score:5, Interesting)
The biggest thing I have against single-sign-on is that I need different levels of security for different sites, and I want to keep the sites compartmentalised from each other.
For instance, I want high security for my email account and access it only from computers/devices that I have control over.
However, I have private playlists on Youtube that I may want to show to a friend, on a third guy's (two degrees of separation) computer. I don't want to have to be afraid of logging into Youtube on that machine because that computer would also get access to my email.
When I am on my trusted home computer, having different accounts for different things can get cumbersome with those sites that force single-sign-on on you!
Yes, while I could use the Incognito mode in Chromium to separate my logins -- it does only separate [i]two[/i] sites, and I would have to login each time I need a new window in incognito mode.
It would be much more convenient if I could have different "realms" or "personas", where I could browse each site in its own realm.
Re: (Score:2)
Persona == email address.
So create multiple email addresses, they are free.
Re: (Score:1)
Re: (Score:2)
Didn't Firefox just get shat on because it turns out that incognito and clearing histories etc doesn't actually remove everything? People were very surprised when files from years ago popped up into their download history again, and previously opened tabs etc etc etc.
Not google? (Score:5, Insightful)
So Mozilla took a jab at Facebook and Twitter but left Google alone? Is this because they take money from Google?
Re:Not google? (Score:4, Informative)
Re: (Score:3)
Google's sign-in is OpenID based and is explicit about what access you are granting to the website (usually just that they get to know your Google ID which is also your e-mail address).
If mozilla's personas system also exposes your email address, or some other id that is unique across multiple websites, then it is no better than OpenID.
So, either personas have better privacy than OpenID, and thus google's system deserves bashing too --- or personas are no better than OpenID and so I have to ask, why bother re-inventing the wheel?
Re: (Score:3, Insightful)
Wikipedia's article on Mozilla Persona [wikipedia.org] (which links to "How BrowserID differs from OpenID" [mozilla.com]) clarifies that. While the site you are authenticating to gets the same information it would get via OpenID, the authentication provider doesn't know what sites you are using. Due to the indirection of storing the cryptographic credentials in the browser, the OpenID provider doesn't need to be contacted for every login and therefore doesn't know what sites you are logging into.
This is related to the design of Persona
Re:Not google? (Score:5, Interesting)
So, if I am reading that right, personas do not directly leak every login to a central database. But, it does use the same id across different websites so if the website used a service to cross-reference ids with other websites the net result would be the same.
Given the massive proliferation of trackers that we already have, I think we would quickly see them include persona id tracking too.
Re: (Score:1)
It would be fairly straightforward to have a single login authentication method that exposed a unique id to each login destination. That would eliminate cross-referencing.
Re: (Score:2)
It would be fairly straightforward to have a single login authentication method that exposed a unique id to each login destination. That would eliminate cross-referencing.
If it wasn't based on your email address, it might be feasible for a firefox add-on to pregenerate a couple of hundred persona ids and then automagically assign them to each individual website that has a login. But, my guess is that the email address requirement makes that effectively impossible except for people who own their own domains.
Re: (Score:2)
It would be fairly straightforward to have a single login authentication method that exposed a unique id to each login destination. That would eliminate cross-referencing.
If it wasn't based on your email address, it might be feasible for a firefox add-on to pregenerate a couple of hundred persona ids and then automagically assign them to each individual website that has a login. But, my guess is that the email address requirement makes that effectively impossible except for people who own their own domains.
Why impossible? probabilistic encryption [wikipedia.org] schemes could easily generate any number of unique IDs which are bound to your email address
Re: (Score:2)
When you sign up to websites you usually use have to supply an email address.
If only for password recovery.
They can already use that to cross-reference ids from users over multiple sites.
That is why Mozilla Persona uses email addresses, it's clearly an identity (unlike for example OpenID where are website/webpage is your identity). And you already needed an email address anyway.
Lots of people already have multiple identities: email address for work and one for home.
And you can create new identities for free
Re: (Score:3)
When you sign up to websites you usually use have to supply an email address.
That's what mailinator is for.
That is why Mozilla Persona uses email addresses, it's clearly an identity (unlike for example OpenID where are website/webpage is your identity). And you already needed an email address anyway.
I read that same line of reasoning too. It is flawed. There is little to no value in having the SAME identity across multiple websites. But it is infeasible for most people to have a unique email address for each website.
And you can create new identities for free, there are lots of free email providers.
Free is a relative term, creating a new email account for each website is a hassle. Computer systems should make things easier, not require extra hassle.
Re: (Score:1)
Except that mailinator could in theory implement an identity provider for its email addresses. There would be no security, but they could. Realistically it would be no worse then using mailinator now.
And most people have one email, and use it everywhere. This specification doesn't decrease their privacy because of that. If you are not already using multiple email addresses, you lose nothing by using browserid.
Re: (Score:2)
And most people have one email, and use it everywhere. This specification doesn't decrease their privacy because of that. If you are not already using multiple email addresses, you lose nothing by using browserid.
That is circular reasoning. If a goal of browserid is to increase the user's security, this system does not achieve that, it only maintains the status quo.
Re: (Score:1)
And most people have one email, and use it everywhere. This specification doesn't decrease their privacy because of that. If you are not already using multiple email addresses, you lose nothing by using browserid.
That is circular reasoning. If a goal of browserid is to increase the user's security, this system does not achieve that, it only maintains the status quo.
The goal of BrowserID isn't to reduce user tracking across sites. Its goal is to reduce the use of passwords, something it does pretty well. The objection to it was that it requires the site to know your email address, but most sites know this anyways. So privacy is not diminished, however the use of passwords (which most people don't handle well) is dramatically reduced. So yes, it improves security.
And just to add another point, if you own a domain and use a catch-all for multiple email addresses, no
Re: (Score:2)
The objection to it was that it requires the site to know your email address, but most sites know this anyways.
No, my objection is that it provides a unique id across multiple websites. An id that will be used for tracking purposes. The fact that the unique id is an email address is really irrelevant.
The goal of BrowserID isn't to reduce user tracking across sites. Its goal is to reduce the use of passwords, something it does pretty well.
By that requirement, there is no functional improvement. It does it just as well as centralized single-sign on like openid/facebook/googleplus. Maybe even worse since the credentials are stored in the browser, making it difficult to sit down at friend's computer and use it to log in.
Re: (Score:1)
The objection to it was that it requires the site to know your email address, but most sites know this anyways.
No, my objection is that it provides a unique id across multiple websites. An id that will be used for tracking purposes. The fact that the unique id is an email address is really irrelevant.
Except that it is not irrelevant. Websites already have your email address, and in most of the cases it is a pretty good identifier of the person. Most people I know have only one main email they use, the only exception being work emails. None of them use multiple emails to avoid tracking. And guess what most websites use as your identifier? Your email address. The fact BrowserID standardized on it doesn't reduce privacy for most people, and for those who care there are easy workarounds (regardless if
Re: (Score:2)
Except that it is not irrelevant.
Come on, don't try to put words in my mouth. It is MY OBJECTION and I don't care that it is based on email. OK? What I am objecting to is the fact that it uses a unique ID across multiple websites. THAT IS THE OBJECTION.
It improves upon those systems in one way, the authentication source never knows where the person signed into.
That is a benefit so small as to be meaningless. If anything this makes the situation worse because instead of just one company tracking you across all those logins now you have a unique id that any tracker can key off.
The fact BrowserID standardized on it doesn't reduce privacy for most people,
However it does not significantly INCREASE privacy for most people e
Re: (Score:1)
Come on, don't try to put words in my mouth. It is MY OBJECTION and I don't care that it is based on email. OK? What I am objecting to is the fact that it uses a unique ID across multiple websites. THAT IS THE OBJECTION.
I'm not putting words into your mouth, I'm saying nothing has changed. How many websites don't track your email address? And how many people change their email address across websites? If you change the email, then you have no change in your privacy level. If you don't, then your privacy stays the same too. Nothing changes.
It improves upon those systems in one way, the authentication source never knows where the person signed into.
That is a benefit so small as to be meaningless. If anything this makes the situation worse because instead of just one company tracking you across all those logins now you have a unique id that any tracker can key off.
If you are so worried about being tracked, it should be important. BrowserID stops one company from tracking you across every website you login too just by having you use their serv
Re: (Score:2)
I'm not putting words into your mouth, I'm saying nothing has changed.
Nothing has changed == irrelevant.
Your problem is you are cherry picking from the three current systems - email verification, openid, and facebook/googleplus-style logins. Each of them has drawbacks. You keep shifting your argument based on the particular drawback to say that browserid is better, the problem is browserid does not eliminate any of those drawbacks, it just shuffles them around.
You: Eliminates multiple passwords
Me: So does facebook/googleplus and openid
You: Just as vulnerable to tracking by
Re: (Score:1)
Now you are just cherry-picking my quotes. The tracking ability of independent websites co-operating has not changed. And realistically, as long as you identify yourself the same way across sites, this won't change. If you change your identity (Facebook/G+/OpenID/Email/etc), then they can't track you (according to our discussion of tracking). BrowserID can't change that. Even if BrowserID sent a unique ID to each website, each website would then require an email address anyways. Guess what? You are b
Re: (Score:2)
You lose the multiple passwords, which is the real security benefit. This is the claimed benefit. And it is successful.
Low hanging fruit right there:
https://blog.mozilla.org/beyond-the-code/2013/04/09/persona-beta2/ [mozilla.org]
Persona: more privacy, better security while making developers and users happy!
More security is not THE claimed benefit, it is only A claimed benefit.
That's not the first time you under-represented the claims:
It's not about increasing privacy. It's about increasing security by killing extra passwords.
This entire sub-thread which I started is not about increasing security, despite your constant efforts to muddy the waters.
Re: (Score:1)
Re: (Score:2)
But it doesn't become a privacy nightmare either.
You are correct. The situation ALREADY IS a privacy nightmare. Browserid does essentially nothing to improve it. Which was the entire point of my objection from the first post.
Re: (Score:1)
Re:Not google? (Score:4, Interesting)
It's actually more private than that. Without knowing all the nitty gritty details - if an app follows Google's process for signing up users, that user gets a unique OpenID specific to that app via a common 'discovery' url.
That way all the apps you sign up for can't really connect you with anything else.
It is a slight pain for open standards though - Google is making it much harder to know what your standard OpenID actually is.
No (Score:2)
Mozilla took a jab at Facebook and Twitter on behalf of Google.
Re: (Score:2)
It's because no one uses the Google+ sign-in yet. Google has barely started phasing out the normal Google sign-in in favor of their Google+ sign-in [blogspot.com].
Two key innovations introduced by the new Google+ sign-in over its predecessor, the plain Google sign-in. It's no longer compatible with an open standard like OpenID, it now uses its own proprietary standard. Plus, it exports everything plus the kitchen sink when signing-in into a web site (assuming you give it the permission to).
Still, I prefer the Google+ sign
Privacy by fragmentation (Score:4, Insightful)
I am fortunate to be with a very privacy and security focussed ISP (xs4all.nl) and keep my mail addresses with them because of my dislike of harvesting by the 'free' mail providers.
It is not that I try to hide at every expense, like I use my real name on Usenet, but I'm surely not going to make it easy on the harvesters.
Re: (Score:2)
XS4ALL sucks. Their spokesperson thinks Apple spells SECURITY.
Re: (Score:2)
I had not heard such from their spokesperson but at least he/she understands it's not Windows.
Stop making it easier to require sign-ins (Score:3, Insightful)
I do not want to sign in. I don't want content personalized to me. I want to see what everybody else sees. Stop hiding stuff from me based on what you think I want to see. And let's not mince words here: You're not creating content for me. You're showing me stuff which already exists and was not tailor-made for me. You're "customizing my experience" by hiding stuff from me. Stop that. I will not sign in.
Re: (Score:3, Informative)
Re:Stop making it easier to require sign-ins (Score:4, Interesting)
Re: (Score:2)
Re: (Score:2)
That is why (Score:1)
"they are built in such a way that social providers have full visibility into a user's browsing behavior".
And that is exactly why they are popular with web sites.
Re: (Score:2)
step 1: embrace the social networks desires and give them full access to your details for, umm, "personalisation" reasons while also allowing the networks to claim better privacy.
step 2: enhance the social networks privacy settings to allow a single user to present multiple 'views' of himself to the networks users whilst still allowing the network to see a single person for, umm, "personalisation" reasons.
step 3: extinguish the pretend privacy offered by the social network by further enhancing the user deta
Re:Awesome design (for the late 1990s) (Score:4, Insightful)
The year is 2013. The developed world, and much of the developing world, is now comfortable with computers and can very easily understand and work with something like... oh, I don't know... a password manager. I've seen 8 year olds and 80 year olds pick up KeePass in nothing flat.
If you go with the password manager route (or just memorize them), every site will SEE the username and password for itself. This means that every site must implement all the password and account management things securely (ex. password reset). This includes system security as well.
If one uses single sign-on, the participating sites never see the password (in most implementations).
So, the upshot is that you don't end up with a bunch of bit players trying to re-invent the wheel badly, each being an authentication breech waiting to happen. Add to that the fact that many users re-use the same password at multiple sites, and the situation looks worse.
The downside is that, if someone gets your single sign-on account information, then they get access to all your sites. The same is true if they get your keepass db and password, but that's not a service that runs somewhere else.
I think one of the most confusing bits about single sign-on is the end user perception on how its sold... the "you only need to remember one account" is often the first selling point that is pushed. That's really just a side effect. The "no site ever has access to your password" is the bigger selling point, but it's too confusing to explain how that works, and people don't really care.
It's trivial to remove the "authenticate once, single sign-on, and when you visit another participating site you don't have to login again" part. For example, see section 2.1.1 of the Jasig CAS protocol (http://www.jasig.org/cas/protocol),
renew [OPTIONAL] - if this parameter is set, single sign-on will be bypassed. In this case, CAS will require the client to present credentials regardless of the existence of a single sign-on session with CAS.
When that is set, the CAS IdP does not automatically redirect you back to the original site. It will not re-use the established SSO session. It will prompt for login again. This could easily be set on the users profile, or globally on the IdP. You'd then still have the benefit that each participating site would never see your credentials, but it would prevent sites from automatically logging you in. You could also use this to enter different credentials (ie. more than one account on the CAS IdP), so you could still have multiple accounts, and the sites would be none the wiser.
All that said, I'm personally comfortable with maintaining a separate username and password for every service I use, and still prefer it. Besides, the scary part isn't that some site could get the password I use for them, but that some site could be storing a bunch of information about me and I don't want that to get leaked (like vudu's recent thing, where they got hacked and leaked the last 4 digits of users credit cards - the first 4 - 8 digits identify the type of card, the bank, and the branch office where the account was opened, so they're not that difficult to guess; the last 4 are the most unique part of your CC#, so it sucks that it's common practice to print that on all receipts and store it everywhere).
SAML? (Score:2)
Re: (Score:2)
It isn't an XML and SOAP powered enterprise style sea of complexity?
I'm sure there are other differences :)
Re: (Score:2)
It isn't an XML and SOAP powered enterprise style sea of complexity?
The XML and SOAP stuff in SAML is almost transparent to the users and administrators, as far as I experienced
Re: (Score:2)
It's not the users you should be worried about, it's the developers:
https://www.usenix.org/conference/usenixsecurity12/breaking-saml-be-whoever-you-want-be [usenix.org]
https://www.youtube.com/watch?v=RHIkb9yEV1k&list=PLOcrXzpA0W81zc6BiXpwEBx14w9nmtG2r&index=49 [youtube.com]
Re: (Score:3)
Theses are implementation vulnerabilities, not protocol vulnerabilities.
Beside this, as a user of simpleSAMLphp, I am happy to see it was not vulnerable in this paper
Re: (Score:2)
If only 2 in 14 implementers of a security, euh... authentication protocol can get the implementation somewhat right without making huge mistakes then maybe the protocol was more complicated then needed.
Re: (Score:2)
Re: (Score:2)
that suggestion will probably not rise my karma
It did with me. :-)
Persona vs Browserid (Score:1)
Re: (Score:2)
Mozilla isn't too keen on that, either: we're quite serious about wanting this to be a distributed system. Announcing Yahoo as an Identity Provider is an important step toward that. Another important step will be native navigator.id support in the browser so sites don't need to load the polyfill from persona.org.