Why OpenID is Going to Destroy the Internet
I’ve recently been playing around with Profilactic, a digital life aggregator that attempts to connect all of your digital contributions in one place. It creates pretty cool little mashups of all of your contributions to social media sites in a single interface. Your contributions, or anyone else’s in fact. OpenID is approaching the same problem from a different perspective by offering to synchronize all of your online profiles to a single username and password that works anywhere. Both are moving towards synchronization and unification of the myriad online identities we have all accumulated over the years, one username and login to rule them all. To paraphrase Stephen Colbert, why do you hate the Internet, OpenID?
I’m not the paranoid conspiracy-theorist type, but even I am terrified of what could happen if all of our actions on the Internet could be tracked to a single identity. Imagine Big Brother coming across an offensive post you made on an anti-government website, and then tracking you through every book you bought, every comment you made, every song you listened to. Don’t say that this is already possible with an IP address: it takes a court order to get a name from an IP address, but your creepy neighbor could easily stalk you from your OpenID. Imagine your neighbor assuming the Big Brother role after seeing a post you made on an anti-neighbor website. Anonymity is what allows for so much free expression on the Internet; without it, the Internet loses one of its key strengths.
Imagine a key logger or trojan compromising your OpenID password because you logged in from an insecure public computer. Now the hacker controls every element of your digital life. So much for using different passwords on different sites for security. Imagine an OpenID server being compromised: there go thousands of identities, full, complete identities, compromised with ease. OpenID would be a ripe target for hackers.
And, finally, imagine what OpenID promises: all of your online identities, connected and unified. Do you really want that? Do you really want to send your work email from the same account you use to look for Kitty Porn? Do you really want to chat with your boss under the same name you use to chat with bondagefreakk666?
To be clear, I am not against blogs or other sites using OpenID as another option for login to connect users and blogs. But using OpenID as your only login panacea because you didn’t want to code a login system, forcing users to go through the complicated OpenID signup process just to use your site? How inconsiderate to your users.
Google all of the most common usernames you have used over the years. You will be surprised by how much you find. And by how much your creepy neighbor will find, with OpenID. And OpenID, let us keep our various online identities separate. Please?


Spot on Ilya! I’ve often wondered about Open ID, and consider it, just like you, to be a double edged sword. I completely agree with your statement about Open ID servers being a high priority, if not THE priority for the hacking community, and try to spread my internet ID’s and passwords around, in order to avoid exactly what you’ve put forth here. Nice one on the avanoo, I’m headed there to read all about it now…
I have also wondered about the value of anonymity on the Internet. There is a time and a place for name recognition in the ‘web of trust’ so I don’t think Open ID is a total loss. The real would be giving it all up to big brother, as you state.
I like different passwords at shell prompts because I sometimes make the mistake of typing a command on one machine that was intended for another. Perhaps multiple identities protect us from ourselves as much as they do from others, and in a much broader sense than the example I gave here. Woaaah, deep.
Ilya -
I suggest you take a look at Simon Willison’s blog - http://simonwillison.net/ and correspond with him on open id or better yet do an interview on your blog. He did an excellent presentation on Open ID at the FOWA conference and didn’t gloss over the downsides that need to be thought through at all. I’ve worked on a lot of privacy intensive technology issues over the years and while some of the points you’ve raised are valid, I think you’re being a bit extreme about it and frankly unfair. Open ID has a lot of promise - we’re looking into it at Searchles because it would make things a lot easier for users. i.e. I am registered at multiple newspaper and content sites that require it. I’d be thrilled to have one universal log on for moving between content sites. Do I want that for accessing my banking records or my amazon account? Absolutely not. Will I use it for all sites I use? No - there are times when I want anonymity (which, btw with the mybloglog widget you use is not possible unless you think about the fact that you want to be anonymous when you visit a website and deliberately go in and change your settings so you will be). It’s a misconception that if you sign up for open id, you’re stuck using it every time.
This post may have come off as a bit too much of an attack on OpenID. It’s more of an attack on unifying all logins under a single system. OpenID just happens to be on the front lines of that initiative. I can definitely see some uses for OpenID with non mission-critical environments like blog comments. But in general, attempts to unify all logins worry me. Look at the constant push of Microsoft Passport (you need a Microsoft Passport to play Xbox online). Look at Yahoo taking over Flickr’s login system. I bet we will be signing in to YouTube with our Google accounts pretty soon. Or maybe into Skype with our eBay accounts? Even beyond OpenID, the general trend of consolidation is worrying.
Hi Ilya,
Good to see you posting again, and I agree with a lot of what you say. Would it be illogical to suggest that the current surveillance paradigm virtually demands that we each have a centralized/consolidated online identity? It seems hard to deny that commerce and government would be delighted to see that, and invest heavily in making it so. If the web is to work the way users want it, we have to resist as best we can a digital version of the ‘name-in-phone-directory-and-on-the-post-box’ situation. “We used to know where you lived … then we lost you for a bit … but now we can find you again @yourplace.”
This is a danger with pseudonyms. I wrote a series of posts about it, the best of which are:
http://engtech.wordpress.com/2006/10/18/web-anonymity-101-digital-breadcrumbs/
http://engtech.wordpress.com/2006/10/25/web-anonymity-103-online-privacy/
Ok, I’m enjoying Profilactic.
http://www.profilactic.com/mashup/engtech
Even nicer: it republishes this mash-up as RSS.
http://www.profilactic.com/rss/engtech
Now I need to find an RSS2Blogger tool or an RSS2Email tool that doesn’t embed ads.
Ilya - again - go out and talk to Simon. He wasn’t advocating for one universal log in at all. As for Google and Yahoo, I can understand why they would want to consolidate log in info. If they are truly trying to integrate their acquisitions in a way where they can offer users better or more dynamic use of services, it makes sense for them. As for big brother or anyone else tracking behavior online, I think the more dangerous trend is that the younger set has no appreciation for privacy or real understanding that what they say and do online is largely public. Pre-internet days, my mother always told me growing up not to put anything in writing that you wouldn’t be comfortable showing the world. It’s good advice that still rings true about any personal information no matter the medium. I think the biggest privacy danger today is the younger set. By the time they realize they do care about privacy, it’s going to be too late because they’ve already sent the message that they don’t care.
Great, how am I going to sleep tonight? LOL Really, though, this was an interesting and well thought-out…and disturbing if OpenID is actually implemented.
[…] this great post on Neomeme regarding OpenID, an application available to compile all of your online user profiles (names and passwords) into […]
So, one of the cool things about OpenID is that it lets you use higher-security authentication systems than username-password. For example, I use certifi.ca (https://certifi.ca/) as my OpenID provider; it uses only client-side SSL certificates for authentication — no passwords, no phishing.
Website developers don’t support fancy authentication because users don’t require it; and users don’t require it because web developers don’t implement it. By disconnecting authentication from Web sites, OpenID lets security specialists create high-quality security services — and lets Web site developers concentrate on their core functionality.
As a final note: nobody requires you to just have one OpenID. You can have 5, 50, or 5000. There’s a lot of middle ground between one-login-per-website and one-login-for-the-entire-internet. The good thing is that with OpenID, it’s up to users to decide how many, and which, identities they want to have.
Ilya: “This post may have come off as a bit too much of an attack on OpenID. It’s more of an attack on unifying all logins under a single system. OpenID just happens to be on the front lines of that initiative.”
Why do you assume that people must only have one OpenID identity? Perhaps many people will, but there’s nothing stopping you from having one for work, one for home, and one for your kitty porn subscription. Each OpenID *can* be used everywhere it’s accepted, but if you want to maintain separation between several of them, there’s nothing preventing you doing that.
It’s the same as with email-account-based identities: many people stick with just one and use that everywhere, but nothing stops you from getting separate ones if you want to keep multiple domains of your life discrete. Except it’s better than the situation with email accounts, because you can change your provider yet keep your OpenID the same.
Doesn’t having multiple OpenIDs defeat the purpose of a single, unified, identity? After all, unless you have multiple personality disorder, there is only one “you”. And how do you differentiate work and home anyway? Does me writing in this personal blog count as “work” because I make business contacts through it? How about posting in a technical forum in my spare time?
I don’t think you have to have multiple personality disorder to want to keep different parts of your life separate.
And there’s nothing in OpenID that requires that you have one identity. That’s in your control — it’s your identity. If you want to keep work and home life separate, that’s OK. If you want to keep your life as a gamer from your life as a church member (say), that’s OK, too.
I think that people on the Internet over the last couple of decades have developed this idea of identity pretty well. I may use “Evan Prodromou” as a username on one system, and “CoolDude395” on another. Having two different OpenIDs for these two personas is entirely possible and, I think, fits well with the way people think of Internet identity today.
I still maintain that there are very serious privacy and security concerns if you use OpenID to authenticate for more than one site. It makes tracking and correlating the activities of individuals that much easier. And I bet that, for a dedicated attacker, it would not be difficult to connect your work and personal OpenID profiles based on timing, choice of server, and the little remnants we all leave in various communities around the web. This is already possible, but OpenID makes it so so much easier.
I am not saying OpenID does not have its uses- I am only worried about the time when OpenID becomes the de facto standard for authentication, and the OpenID server you run out of your basement gets hacked.
There’s definitely a single point of entry issue. However, with OpenID you can actually log any requests. That’s something absent with any external system…. I can’t tell when someone last logged into my bank.
If you could provide me with a single case where (not just with OpenID), a person’s identity was stolen using this methodology, I’d appreciate it.
I did an analysis of reports to the FTC and can’t find a single event like this. All of the computer related identity theft incidents occurred from a) phishing and b) physical theft of information from computer systems.
Doug: OpenID is just as susceptible to phishing as any other login system. Except that with a phished OpenID from a single source, the hacker now has access to all of your logins everywhere- including your bank, even if they only phished your blog. By the time you see someone has logged into your bank, it may very well be empty.
Just because it hasn’t happened yet, doesn’t mean it won’t. Why does the US spend millions preparing against a potential biological terror attack when nobody can give an example of one?
You are misusing the term “hacker.” What you mean is “cracker.” Check the New Hackers Dictionary, if you don’t believe me: http://www.catb.org/~esr/jargon/
hacker: n.
[originally, someone who makes furniture with an axe]
1. A person who enjoys exploring the details of programmable systems and how to stretch their capabilities, as opposed to most users, who prefer to learn only the minimum necessary. RFC1392, the Internet Users’ Glossary, usefully amplifies this as: A person who delights in having an intimate understanding of the internal workings of a system, computers and computer networks in particular.
2. One who programs enthusiastically (even obsessively) or who enjoys programming rather than just theorizing about programming.
3. A person capable of appreciating hack value.
4. A person who is good at programming quickly.
5. An expert at a particular program, or one who frequently does work using it or on it; as in ‘a Unix hacker’. (Definitions 1 through 5 are correlated, and people who fit them congregate.)
6. An expert or enthusiast of any kind. One might be an astronomy hacker, for example.
7. One who enjoys the intellectual challenge of creatively overcoming or circumventing limitations.
8. [deprecated] A malicious meddler who tries to discover sensitive information by poking around. Hence password hacker, network hacker. The correct term for this sense is cracker.
The term ‘hacker’ also tends to connote membership in the global community defined by the net (see the network. For discussion of some of the basics of this culture, see the How To Become A Hacker FAQ. It also implies that the person described is seen to subscribe to some version of the hacker ethic (see hacker ethic).
It is better to be described as a hacker by others than to describe oneself that way. Hackers consider themselves something of an elite (a meritocracy based on ability), though one to which new members are gladly welcome. There is thus a certain ego satisfaction to be had in identifying yourself as a hacker (but if you claim to be one and are not, you’ll quickly be labeled bogus). See also geek, wannabee.
This term seems to have been first adopted as a badge in the 1960s by the hacker culture surrounding TMRC and the MIT AI Lab. We have a report that it was used in a sense close to this entry’s by teenage radio hams and electronics tinkerers in the mid-1950s.
cracker: n.
One who breaks security on a system. Coined ca. 1985 by hackers in defense against journalistic misuse of hacker (q.v., sense 8). An earlier attempt to establish worm in this sense around 1981–82 on Usenet was largely a failure.
Use of both these neologisms reflects a strong revulsion against the theft and vandalism perpetrated by cracking rings. The neologism “cracker” in this sense may have been influenced not so much by the term “safe-cracker” as by the non-jargon term “cracker”, which in Middle English meant an obnoxious person (e.g., “What cracker is this same that deafs our ears / With this abundance of superfluous breath?” — Shakespeare’s King John, Act II, Scene I) and in modern colloquial American English survives as a barely gentler synonym for “white trash”.
While it is expected that any real hacker will have done some playful cracking and knows many of the basic techniques, anyone past larval stage is expected to have outgrown the desire to do so except for immediate, benign, practical reasons (for example, if it’s necessary to get around some security in order to get some work done).
Thus, there is far less overlap between hackerdom and crackerdom than the mundane reader misled by sensationalistic journalism might expect. Crackers tend to gather in small, tight-knit, very secretive groups that have little overlap with the huge, open poly-culture this lexicon describes; though crackers often like to describe themselves as hackers, most true hackers consider them a separate and lower form of life. An easy way for outsiders to spot the difference is that crackers use grandiose screen names that conceal their identities. Hackers never do this; they only rarely use noms de guerre at all, and when they do it is for display rather than concealment.
Ethical considerations aside, hackers figure that anyone who can’t imagine a more interesting way to play with their computers than breaking into someone else’s has to be pretty losing. Some other reasons crackers are looked down on are discussed in the entries on cracking and phreaking. See also samurai, dark-side hacker, and hacker ethic. For a portrait of the typical teenage cracker, see warez d00dz.
@Mackenzie
Sorry, I’m using “hacker” as it is commonly used by the media and elsewhere.
I’ve known several blackhats who have worn the “hacker” name proudly, and let’s not forget the Hacker Manifesto, which refers to what you would call “cracking”
hi ilya. you are right about risks. but, you are not right in the conclusions.
it is good to have openid or SOMETHING like this. it is good - for the webmaster - to have the choice to allow or not openid-entified (or similar) users and what they can or can not do on their site.
you’re right, it is good place for tracing people. but.. sometimes you care much more for the users who do not try to be invisible, and try to stand clear who they are.
i’m writing this with a particular web site forum in mind, where, occasionally i do have big problems with ‘free’ people, who do abuse this ‘freedom’, hide and abuse the free speech.
ip addressing is not enough to stop these shit eaters.
in some cases it is good to shrink the access to only ‘legal’ accounts. in a city park, no one will ask you (usually) for a passport or ID. in a bar - maybe, if the owner thinks you may be a legal problem (age or something). But, for example, in a bank or when voting - you must provide ID.
using your example - i do not want some darkbondage99 on this site. and i’ve seen and i will continue to see such attitude. the site i have in mind is about babysitting, baby care, birth, fertility problems et cetera.
oh, yes - this will be good - but only if a system (authority) like openid becomes really net-wide respected. or several, but not too much authorities.
edi (t3-m4)
PS if you don’t understand what ‘abuse of the free speech’ means - think about a posted story about how someone is liking to rape-kill kids on the same forum. with all of the details. and i don’t talk about even crackers or script kiddiez, but for far more popular anonymous shit eaters. there should be right of freedom what you listen - or you will end up deep in tons of excrements, just like we are now in spam and intentional misuse. what you will prefer to control - the rag to clean the results or who enters your house only to pee on the floor?
edi - you are right that OpenID, security risks aside, is not that bad for people who don’t want to remain anonymous online.
But, if so, why do so few people use their real name when commenting on blogs or forums?
I hit openID from a different point of view:
http://internetducttape.com/2007/08/15/openid-no-thanks/
I think it’s possible to lock yourself out of accounts using openID.
[…] Neomeme hits openID from the point of view of how it can be used to easily stalk someone over the Internet. […]
[…] a piece called “Why OpenID is going to destroy the Internet”, Ilya Lichtenstein says: “I’m not the paranoid conspiracy-theorist type, but even I am […]
Everyone is talking about OpenID nowadays. I registered one and found it’s very easy to use in many websites with the same id.
[…] Some of the comments revolve around the possibility of using different identities to guarantee privacy and anonymity, thus calming some fears. […]
[…] reason is unified identity. The evil OpenID. Gravatar’s offerings are used by many thousands of people wishing to use the same pictorial […]
[…] Lichtenstein, in Why OpenID is Going to Destroy the Internet, says that it terrifies him to think what could happen if all […]
Something like OpenID has to be considered very carefully by users. Come on, I don’t save any sort of sensitive data on any of Google’s services no matter how much they say that they are safe and will protect privacy. I’d rather trust my 1GB flash drive than Google (or any other services).
I don’t really think that Open Id has had much effect at all as far as I am concerned. But personal information shouldn’t be given out to just anyone. I agree with Deepfreeze. I wouldn’t give anyone, even Google the deepest personal information if they tell me it is safe either.
I’m in the middle of implementing an OpenID-only authenticated web site (with provisions to avoid the lockouts detailed at engtech’s blog).
Ilya, the degree to which OpenID makes it easier for blackhats to correlate your online activities is completely up to the user. As has been stated, you’re free to create as many OpenIDs with as many providers as you need to feel obfuscated and secure. Equating an OpenID with a “single, unified identity” is *your* choice; it’s certainly not how I’d manage my online presence, and it’s not a fault of the system.
I don’t see how OpenID makes it any easier for someone to stalk you. Your OpenID isn’t public information. It’s up to you if you want to use the same screen name and avatar image on all those OpenID sites, thereby visibly linking them for other users to see. Some people do that now without OpenID. In fact, OpenID should actually make it much, much easier to hide amongst the message boards because you can have a million different usernames/avatars on those boards and access them through just a handful of OpenIDs. Much more manageable than the current situation–and that’s the big selling point for more centralized authentication (not *completely* centralized).
If the authentication credentials you use for your bank and your blog are susceptible to theft (as a username/password and OpenID are), you should not be using the same authentication for those two domains under any circumstance. This is a basic security rule; you’re acting as if this is somehow new to OpenID.
In regards to phishing, OpenID stands a higher chance to be phishing-resistant than the average site. As Evan noted, the provider can focus on a secure login scheme that need not be based on the old user/password strategy. It can implement those “prove you’re Yahoo by showing me an image I uploaded” features for thousands of OpenID-compatible sites at once. It could use smartcards, voice recognition, facial recognition, thumbprint scanners, retinal scanners, handwriting capture, barcoding, security questions, phone dialbacks, SMS, or even all of the above! Nobody’s going to invest in any of those technologies just for one or two sites that support it, but they become much more attractive if they’re now supported by thousands. OpenID providers can get really creative.
I actually have the same concerns as you, and I’m pretty paranoid when it comes to online authentication. But the sheer number of sites to which I have to authenticate in a day makes choosing unique identities unreasonably difficult. I know there are groups of half a dozen sites to which I wouldn’t mind having a single logon, and I don’t mind trusting a security company with the job.
(Is it even possible to create multiple Passports with the MS scheme? Not that I’d want to give one inch of information to Microsoft.)
[…] web. […] if you want to steal from people or invade their privacy, OpenID is for you.“In a piece called “Why OpenID is going to destroy the Internet”, Ilya Lichtenstein says: “I’m not the paranoid conspiracy-theorist type, but even I am […]
OpenID is a failed idea anyways. Why bother?
As long as you don’t keep your very personal information on your OpenID, you should be safe.
Thanks for the information
I have seldom read anything debunking OpenID grounded in so much misinformation.
Sorry for the bluntness, but I was expecting from you a little more background on how OpenID actually works before posting your paranoid attacks on this technology.
For the record, I’m not an OpenID-fangirl of any sort; it has its quirks and certainly its flaws. For the record, too, even although I expect that many people will just use one OpenID during their entire (online) lives, it’s certainly not my case. Nothing prevents you to have several different OpenIDs if you wish to use them differently — or elude “tracking”, as your common fear seems to be. There is a trade-off between typing your online information (nickname, email address, blog address, Gravatar…) all the time on the hundreds of thousands of sites that someone might come across, just to make sure that each one is different, and using a single authentication method for most of the sites you use more.
Paranoia is a mental disturbance and technology can’t help you much about that.
I’m even surprised that you have your own blog; remember, just as I type these lines, I’m logged in to Google, and once Google finishes indexing this comment, they’re adding another line to the long list of items on my profile with them — which they use to target AdSense better, so that I get ads that interest me. Granted, I could log out of Google Accounts. In that case, Google would just track down my IP address. Granted, too, my ADSL provider rotates IP addresses regularly — but the Google engineers are clever enough to figure out the range of addresses I use, the operating system I’m on (Mac OS X 10.4.X) and the browser I’m using (FireFox Beta 3). Granted, I could use anonymiser proxy software, switch browsers regularly, and hack the ones that are open source so that they reveal as little about my operating system’s environment as physically possible. Google would still tag me — just very badly so, since they’d have an “anonymous profile”. But they would still have a way to measure my interests.
Granted, they’re tagging all this to a nickname (in my case it’s also a registered trademark, but, well, it’s still a nickname). For their purposes, it’s rather irrelevant. They don’t need to know my home address; all they need to know is what interests me (ie. what kind of things I do online) to better serve me with AdSense. And this they do admirably well — even if I’m not even logged in to Google Accounts.
So “technology” can’t help me much to avoid being tagged by Google (and, really, I appreciate their efforts in dropping ads that don’t interest me at all…), although, obviously, at the highest level of paranoia, one could create a series of barriers to ensure some anonymity. Most of the Internet users don’t bother with that amount of detail.
So, is OpenID “better” or “worse” to protect your anonymity, if that’s what you wish? Well, I worry about all those email addresses and passwords I’ve left on dozens of thousands of sites. I don’t use a different password for each of them (I can’t remember dozens of thousands of passwords!), and only pick one of a small set of email addresses to get registered (again, I can’t have dozens of thousands of email addresses, each with a different login and password). So I really have no idea what happens to that data. For all I know, people can be simply phishing my passwords and trying them out on all other sites and stealing my identity online. I have no way to check that! There are simply too many sites, too many registrations, and it’s impossible for me to check them all.
Now enter OpenID. I can pick just a handful of OpenID providers — these will be the only ones that will ever see authentication tokens (eg. passwords, email addresses). And, well, I believe I can trust Verisign (who run an OpenID service), and, say, Yahoo. Or, well, if I don’t trust these two providers, I can run my own OpenID server. And ignore all the others. Just trust myself, and nobody else. OpenID allows that pretty easily.
Then there is the issue of tagging/tracking. Sure, when logging in on a dozen thousand sites, you can use a different nickname (and prevent that system to show anything else), thus avoiding correlation, while a tool looking at the OpenID URL could aggregate data more easily. Yes? No. In fact, you can easily tweak your own OpenID server to provide “fake nicknames” publicly, generating them randomly, and those would be the ones shown on all those sites you log in with. So, in essence, the site owner might “see” an OpenID URL coming in; but external tools looking for correlations would only see a fake, randomly-generated nickname on the blog/forum/wiki post. You’d still be securely authenticated, and from a single point of authentication. Now OpenID allows this pretty easily; some providers even allow you to store an indefinite number of personas, and you can pick the one you prefer. But nothing prevents anyone to run their own OpenID server to generate random “personas” to avoid being tracked down!
Notice that OpenID is one of the few distributed authentication mechanisms that actually makes this very, very simple to do. It’s also one of the few authentication mechanisms that allow you, the paranoid Internet user, to only use your own authentication server — and it’ll still work for millions of sites. You don’t need to entrust anyone else with your authentication data — and will still be a “registered user”. The difference is that when you register for a new site, you will not need to provide them with a “valid email address” and a password.
But you raise the issue of phishing:
OpenID is, indeed, not perfect, and phishing will always be a problem, no matter how “safe” an authentication technology looks like, as banks have found out. Yahoo is using this cute feature of the “identity seal” to make sure that the page you log in is really Yahoo’s. Their system is quite clever. And yes, although Yahoo OpenID only supports version 2.0 (most sites don’t accept 2.0 yet), one might conceive that using a Yahoo OpenID is as hard to phish as a Yahoo ID. Not perfect, but harder.
So what is the safeguard against OpenID phishing? Well, really, ultimately, there is only one person you can trust: yourself. OpenID provides the clear and neat answer to that: run your own server! That way, you know exactly if you’re being redirected to a trusted site or not…
Still, for the regular user that doesn’t want to run an OpenID server (note: any WordPress blog can be set up as a standalone OpenID server; it’s not rocket science, but just a plugin; so a WordPress blog can both accept OpenID URLs as registration for your readers, and it can be used to provide authentication for other OpenID-enabled sites), OpenID allows a small degree of protection. There are hundreds of OpenID server providers; probably thousands; and if WordPress goes ahead with their plans, the number might be in the millions range. So a phisher setting up a blog just to induce you to part with your password would have a hard time to create a fake page for all those providers! Sure, they might just phish passwords from the most “common” providers, say, Verisign, Yahoo OpenID, LifeJournal, MyOpenID, etc., and ignore the rest. But as soon as rumours of OpenID phishers are spread in the news, the top OpenID providers will quickly adopt harder anti-phishing mechanisms (as said, Yahoo’s “seal” is a very promising solution) — and, while waiting for these to be deployed, most people will simply run their own OpenID servers in the mean time. Which they can totally personalise — and thus making sure that you know exactly how your OpenID authentication page looks like, and make it completely different from anybody else’s.
Is this system perfect? No; very likely, many people, unaware of the phishing issue, might use a provider that is easily “emulated”, and the phisher will be happy just to grab passwords from those users. The same, after all, happens all the time with the homebanking systems and things like PayPal or eBay. It’s safer to target the unsuspecting user that just logs in to a service used by millions of people. Then again, once these systems adopt more robust anti-phishing counter-measures, they’ll ensure the safety of the millions of clueless users — while the experts, like yourself, will never trust anyone else but themselves, and run their own OpenID servers instead.
It can be said for OpenID that its biggest advantage is the decentralisation of the authentication mechanism. It might not be the best authentication mechanism ever devised by the human mind — there are certainly better alternatives — but it addresses most issues quite neatly. And for the terminally paranoid, it allows running your own OpenID server, fully personalising it so that it never spews out the same nickname (to avoid tracking and information correlation) and total personalisation of the authentication step (to completely prevent phishing of any sort). So, while it has its flaws, it neatly addresses all your fears — and, currently, far better than any other (known) mechanism, which are usually tied to Big Corps that you have to trust with their data, inside a centralised system that makes it easier to track you down on their sites…
I think there will always be problems with establishing identity on the web; convenience will lead to a greater number of weaknesses to exploit, and a tighter connection to a person’s real identity will harm privacy. This is a double-edged sword that will likely never have easy answers. Here in Oregon we have a pretty involved populace in terms of their knowledge of government oversight, influence, control and privacy, but not all places are so lucky to have such an involved user base, and the effectiveness of an involved user group in effecting real change is debatable when it’s mixed into the apathy of a majority.
Cheers!
Thanks for the post, I will follow your blog.
I think OpenID is a bad idea. That’s my private opinion.
Very interesting thoughts. Thanks.
Common ground! OpenID is an evil!
There is always reason to be sceptical, but see it this way: you can at least set up your own OpenID server, that no-one but you can access.
If an oppressive government or similar gets your OpenID, it is of course terrible.
So set up your own server, and encrypt it.
I have recently adopted a new philosophy to add to my list of rules by which I live my life. It is basically to flood the public domain with so much varying information about myself that it becomes overwhelming and indecipherable to anyone trying to use it to figure me out. So bring it on Big Brother. Wait till you get a load of me!
[…] single sign on? Companies who want to track a user? Hackers who want a single sign on? Suddenly it seems that it might not be such a good idea and the old school way may in fact be more secure as it allows […]
Yup, you are right that OpenID, security risks aside, is not that bad for people who don’t want to remain anonymous online.
[…] Lichtenstein, in Why OpenID is Going to Destroy the Internet, says that he is terrified to think about what could happen if all […]
Thanks for the info about OpenID.
I don’t know a lot about this object.
one cup
I certainly agree with you on the problem this causes. I see it everywhere with social media right now. The sad part is, most people don’t see the dangers lurking.
Of course OpenID is good for people who aren’t bothered about anonymity on the internet.. but it’s human nature we’re going against here; we don’t know everyone on the internet, so why should everyone get to know your name?
OpenID WILL be bad news..
Thanks for the enlightening post