Slashdot Mirror


Mozilla: Unlike FB and Twitter Single Sign-in, Persona Protects User Privacy

tsamsoniw writes "Mozilla today unveiled Persona Beta 2, the newest edition of the organization's open authentication system. The release includes Identity Bridging, which lets users sign in to Persona-supported sites using their existing webmail accounts, starting with Yahoo. Mozilla used the release as an opportunity to bash social sign-in offerings from Facebook and Twitter, which 'conflate the act of signing into a website with sharing access to your social network, and often granting the site permission to publish on your behalf,' said Lloyd Hilaiel, technical lead for Mozilla Persona. He added that they are built in such a way that social providers have full visibility into a user's browsing behavior."

21 of 81 comments

  1. Not google? by geek · · Score: 4, Insightful

    So Mozilla took a jab at Facebook and Twitter but left Google alone? Is this because they take money from Google?

    1. Re:Not google? by Anonymous Coward · · Score: 4, Informative

      Google's sign-in is OpenID based and is explicit about what access you are granting to the website (usually just that they get to know your Google ID which is also your e-mail address). I guess if you have an associated G+ account then the website would be able to look at your public G+ posts/friends, but it's not comparable to Facebook letting apps post items to your newsfeed or even looking at your information marked as private (for Facebook applications).

    2. Re:Not google? by Jah-Wren Ryel · · Score: 2

      Google's sign-in is OpenID based and is explicit about what access you are granting to the website (usually just that they get to know your Google ID which is also your e-mail address).

      If Mozilla's personas system also exposes your email address, or some other id that is unique across multiple websites, then it is no better than OpenID.

      So, either personas have better privacy than OpenID, and thus Google's system deserves bashing too --- or personas are no better than OpenID and so I have to ask, why bother re-inventing the wheel?

      --
      When information is power, privacy is freedom.
    3. Re:Not google? by AnyoneEB · · Score: 3, Insightful

      Wikipedia's article on Mozilla Persona (which links to "How BrowserID differs from OpenID") clarifies that. While the site you are authenticating to gets the same information it would get via OpenID, the authentication provider doesn't know what sites you are using. Due to the indirection of storing the cryptographic credentials in the browser, the OpenID provider doesn't need to be contacted for every login and therefore doesn't know what sites you are logging into.

      This is related to the design of Persona being browser-based instead of web-based, which also provides additional security (harder to fake a password entry box if it's normally generated by the browser).

      --
      Centralization breaks the internet.
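
The flow described in the comment above, as an added example that is not part of the original thread and is not Mozilla's implementation. It assumes Ed25519 keys and plain JSON in place of the real key types and token encoding; `makeIdp`, `makeBrowser` and `verifyLogin` are hypothetical names. The identity provider signs one certificate for the browser's key, and each site then checks a browser-signed assertion using only the provider's public key.

```javascript
// Added illustration: simplified BrowserID-style flow (not Mozilla's code).
// Assumptions: Ed25519 keys and plain JSON stand in for the real key types and encoding.
const crypto = require("node:crypto");

const signJson = (obj, privateKey) => {
  const payload = Buffer.from(JSON.stringify(obj));
  return { payload: payload.toString("base64"),
           sig: crypto.sign(null, payload, privateKey).toString("base64") };
};
const verifyJson = (signed, publicKey) => {
  const payload = Buffer.from(signed.payload, "base64");
  const ok = crypto.verify(null, payload, publicKey, Buffer.from(signed.sig, "base64"));
  return ok ? JSON.parse(payload.toString()) : null;
};

// Identity provider: signs (email, browser public key) once. Its log is all it ever learns.
function makeIdp() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("ed25519");
  const log = [];
  return {
    publicKey, log,
    certify(email, browserPubPem, expiresAt) {
      log.push({ email }); // no relying-party name is available to record
      return signJson({ email, browserPubPem, expiresAt }, privateKey);
    },
  };
}

// Browser: holds the key pair and certificate, signs a fresh assertion per site.
function makeBrowser(idp, email, now) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("ed25519");
  const pem = publicKey.export({ type: "spki", format: "pem" });
  const cert = idp.certify(email, pem, now + 3600_000);
  return {
    login: (audience, at) =>
      ({ cert, assertion: signJson({ audience, expiresAt: at + 120_000 }, privateKey) }),
  };
}

// Relying party: needs only the IdP public key; no call to the IdP at login time.
function verifyLogin(bundle, idpPublicKey, myOrigin, now) {
  const cert = verifyJson(bundle.cert, idpPublicKey);
  if (!cert || cert.expiresAt < now) return null;
  const browserKey = crypto.createPublicKey(cert.browserPubPem);
  const a = verifyJson(bundle.assertion, browserKey);
  if (!a || a.expiresAt < now) return null;
  if (a.audience !== myOrigin) return null; // blocks replay at another site
  return cert.email;
}
```

Two sites that verify logins from the same browser both receive the same email address, while the provider's log holds a single entry with no site name in it.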
    4. Re:Not google? by Jah-Wren Ryel · · Score: 4, Interesting

      So, if I am reading that right, personas do not directly leak every login to a central database. But, it does use the same id across different websites so if the website used a service to cross-reference ids with other websites the net result would be the same.

      Given the massive proliferation of trackers that we already have, I think we would quickly see them include persona id tracking too.

      --
      When information is power, privacy is freedom.
    5. Re:Not google? by styrotech · · Score: 3, Interesting

      usually just that they get to know your Google ID which is also your e-mail address

      It's actually more private than that. Without knowing all the nitty gritty details - if an app follows Google's process for signing up users, that user gets a unique OpenID specific to that app via a common 'discovery' url.

      That way all the apps you sign up for can't really connect you with anything else.

      It is a slight pain for open standards though - Google is making it much harder to know what your standard OpenID actually is.

    6. Re:Not google? by Jah-Wren Ryel · · Score: 2

      When you sign up to websites you usually have to supply an email address.

      That's what mailinator is for.

      That is why Mozilla Persona uses email addresses, it's clearly an identity (unlike for example OpenID where a website/webpage is your identity). And you already needed an email address anyway.

      I read that same line of reasoning too. It is flawed. There is little to no value in having the SAME identity across multiple websites. But it is infeasible for most people to have a unique email address for each website.

      And you can create new identities for free, there are lots of free email providers.

      Free is a relative term, creating a new email account for each website is a hassle. Computer systems should make things easier, not require extra hassle.

      --
      When information is power, privacy is freedom.
  2. Re:Menu - New incognito window (Ctrl+Shift+N) by The MAZZTer · · Score: 4, Informative

    I think you missed the point. Persona is to allow a website to add a sign in feature for users who WANT to sign in.. for example, to save their preferences for the site or have an identity... without the hassle of having users create an account just for your site. The idea definitely isn't new, this is just Mozilla's own take on it.

  3. Re: This just in... by Anonymous Coward · · Score: 3, Insightful

    Not always true. Facebook, Yahoo, Microsoft, Google and the like are for profit companies that rely on advertisements and social graphs or referrals to generate revenue, which they need constantly more of. Got to keep those stock prices high!

    Mozilla is a not for profit. They generate revenue with donations and a start page that links to Google. They don't care what you do on the web unless it causes their product to fail.

    Mozilla is probably the only group you can trust for authorization, as they don't consider you a revenue model.

  4. Privacy by fragmentation by Teun · · Score: 3, Insightful

    Although total net privacy is these days nigh-impossible, attempting to spread or fragment your presence over many different systems might help some way, at least it's better than throwing all in the lap of a single vendor like Google, MS or God forbid, FB.

    I am fortunate to be with a very privacy and security focussed ISP (xs4all.nl) and keep my mail addresses with them because of my dislike of harvesting by the 'free' mail providers.

    It is not that I try to hide at every expense, like I use my real name on Usenet, but I'm surely not going to make it easy on the harvesters.

    --
    "The likes of Facebook and WhatsApp are free to those whose privacy is of zero value."
  5. Re: This just in... by fustakrakich · · Score: 3, Insightful

    Mozilla is a not for profit.

    Don't be so sure. Mozilla is the pipeline... Why else would Google 'value' them so much?
    Hyman Roth always makes money for his partners.

    --
    “He’s not deformed, he’s just drunk!”
  6. Stop making it easier to require sign-ins by Anonymous Coward · · Score: 3, Insightful

    I do not want to sign in. I don't want content personalized to me. I want to see what everybody else sees. Stop hiding stuff from me based on what you think I want to see. And let's not mince words here: You're not creating content for me. You're showing me stuff which already exists and was not tailor-made for me. You're "customizing my experience" by hiding stuff from me. Stop that. I will not sign in.

    1. Re:Stop making it easier to require sign-ins by Quasimodem · · Score: 3, Informative

      DuckDuckGo (https://duckduckgo.com/)

    2. Re:Stop making it easier to require sign-ins by SolitaryMan · · Score: 3, Interesting

      I gave it a try. Tried to use it at home for several months and really-really tried to like it. However, Google's results are still so much better that I kept using their "g!" feature more and more. Then just switched back to Google.

      --
      May Peace Prevail On Earth
  7. Re:User Privacy by ackthpt · · Score: 5, Funny

    you guys still believe in this myth?

    Absolutely, Mr. Elsgarth J. Finchlipp; 8871 W. Blortmann Terrace; Bleemington, VT, 01010; who recently read the Guardian, New York Times and Scotts Valley Patch, via Google News and purchased Lime Bagels with Soy Cheese at Eugor's Coffee Shoppe and Tea Room.

    --

    A feeling of having made the same mistake before: Deja Foobar
  8. I'd rather have multiple authentication realms by Misagon · · Score: 5, Interesting

    The biggest thing I have against single-sign-on is that I need different levels of security for different sites, and I want to keep the sites compartmentalised from each other.
    For instance, I want high security for my email account and access it only from computers/devices that I have control over.
    However, I have private playlists on Youtube that I may want to show to a friend, on a third guy's (two degrees of separation) computer. I don't want to have to be afraid of logging into Youtube on that machine because that computer would also get access to my email.

    When I am on my trusted home computer, having different accounts for different things can get cumbersome with those sites that force single-sign-on on you!
    Yes, while I could use the Incognito mode in Chromium to separate my logins -- it does only separate *two* sites, and I would have to login each time I need a new window in incognito mode.
    It would be much more convenient if I could have different "realms" or "personas", where I could browse each site in its own realm.

    --
    "We mustn't be caught by surprise by our own advancing technology" -- Aldous Huxley
  9. Re:This just in... by styrotech · · Score: 3, Informative

    When linux is a web-based service, call me and we'll talk. Until then, stop taking things out of context... it makes you look retarded.

    When you understand what Persona is, call me and we'll talk. Until then, stop taking things out of context... it makes you look retarded.

    Hint: Persona is a decentralised system/protocol implemented using open source code. Anybody can set up an identity provider, and Mozilla will have no connection to it. In terms of the rest of us being users vs being products it is far closer to Linux than your "web based services" (eg Facebook or Twitter).

  10. Re: This just in... by Anonymous Coward · · Score: 2, Insightful

    Because they value all platforms that improve the web.

    It doesn't affect Mozilla's autonomy.

  11. Re:This just in... by gmuslera · · Score: 2

    Free as in beer or free as in freedom? If what they do with you is hidden, then you are probably the product. But if it is done in an open, clear, and verifiable way, you may have some ground to base your trust on, or not.

  12. Re:Awesome design (for the late 1990s) by unrtst · · Score: 3, Insightful

    The year is 2013. The developed world, and much of the developing world, is now comfortable with computers and can very easily understand and work with something like... oh, I don't know... a password manager. I've seen 8 year olds and 80 year olds pick up KeePass in nothing flat.

    If you go with the password manager route (or just memorize them), every site will SEE the username and password for itself. This means that every site must implement all the password and account management things securely (ex. password reset). This includes system security as well.

    If one uses single sign-on, the participating sites never see the password (in most implementations).

    So, the upshot is that you don't end up with a bunch of bit players trying to re-invent the wheel badly, each being an authentication breach waiting to happen. Add to that the fact that many users re-use the same password at multiple sites, and the situation looks worse.

    The downside is that, if someone gets your single sign-on account information, then they get access to all your sites. The same is true if they get your keepass db and password, but that's not a service that runs somewhere else.

    I think one of the most confusing bits about single sign-on is the end user perception on how it's sold... the "you only need to remember one account" is often the first selling point that is pushed. That's really just a side effect. The "no site ever has access to your password" is the bigger selling point, but it's too confusing to explain how that works, and people don't really care.

    It's trivial to remove the "authenticate once, single sign-on, and when you visit another participating site you don't have to login again" part. For example, see section 2.1.1 of the Jasig CAS protocol (http://www.jasig.org/cas/protocol),

    renew [OPTIONAL] - if this parameter is set, single sign-on will be bypassed. In this case, CAS will require the client to present credentials regardless of the existence of a single sign-on session with CAS.

    When that is set, the CAS IdP does not automatically redirect you back to the original site. It will not re-use the established SSO session. It will prompt for login again. This could easily be set on the user's profile, or globally on the IdP. You'd then still have the benefit that each participating site would never see your credentials, but it would prevent sites from automatically logging you in. You could also use this to enter different credentials (ie. more than one account on the CAS IdP), so you could still have multiple accounts, and the sites would be none the wiser.

    All that said, I'm personally comfortable with maintaining a separate username and password for every service I use, and still prefer it. Besides, the scary part isn't that some site could get the password I use for them, but that some site could be storing a bunch of information about me and I don't want that to get leaked (like vudu's recent thing, where they got hacked and leaked the last 4 digits of users' credit cards - the first 4 - 8 digits identify the type of card, the bank, and the branch office where the account was opened, so they're not that difficult to guess; the last 4 are the most unique part of your CC#, so it sucks that it's common practice to print that on all receipts and store it everywhere).

  13. Re:SAML? by manu0601 · · Score: 2

    These are implementation vulnerabilities, not protocol vulnerabilities.

    Beside this, as a user of simpleSAMLphp, I am happy to see it was not vulnerable in this paper.