[OpenID] PR: OpenID.co.uk - "MobileNumber.OpenID.co.uk" as URI

Allen Tom atom at yahoo-inc.com
Wed Feb 7 22:18:52 UTC 2007

Hi Mark,

It is fine to give people the choice to use their phone number as their 
OpenID, however I do believe that it is an OP's duty and responsibility 
to inform their users as to why this might not be a good idea. This 
applies not only to phone numbers, but also to email and IM based IDs.

While phone numbers and other personal contact information are already 
posted on the net, ]users are usually able to control whether or not it 
is displayed, and to whom it displayed to.  The new twist with OpenID is 
that a someone may signin to an RP using their phone based OpenID, later 
regret the decision, and might not have a way to delete or hide their 
contact info.

A completely different issue regarding phone based OpenIDs is that phone 
numbers are often recycled. Is the OP supposed to periodically verify 
that the user still owns the claimed phone number? What happens if the 
phone number changes ownership? Is the OP required to hand over the 
OpenID to the new owner? If so, is the original owner locked out of all 
the sites that where he used his OpenID?

I do believe that the OpenID community should develop standard 
guidelines and best practices regarding OpenIDs and privacy, as well as 
address the ID recycling issue (as this is not limited to phone 
numbers). These questions are bound to come up if mass adoption is ever 
seriously considered, and it would be beneficial to the entire community 
if we have consensus on the the answers before the lawyers come asking.


Mark Cross wrote:
> Dear Allen,
> I agree with nearly all your arguements here and perhaps I need to think on 
> but:
> - Nobody is forcing you to use your mobile - it's your choice (& just my 
> idea)
> - We have phone numbers on net anyway, so what's the difference from a 
> harvesting POV?
> Thank you for your feedback,
> Mark
> ----- Original Message ----- 
> From: "Allen Tom" <atom at yahoo-inc.com>
> To: "Chris Messina" <chris.messina at gmail.com>; <sites at thirdvisit.co.uk>; 
> <general at openid.net>
> Sent: Wednesday, February 07, 2007 8:47 PM
> Subject: Re: [OpenID] PR: OpenID.co.uk - "MobileNumber.OpenID.co.uk" as URI
>> I really believe that it is not a good idea to encourage people to use 
>> personal contact infomation as their OpenIDs, which applies to both phone 
>> number and email/IM based IDs. The reason is that spammers and griefers 
>> will make life unbearable for people using these IDs.
>> The user's OpenID will invariably be displayed at many RPs, and if the 
>> user's contact information could be easily determined by the OpenID, it 
>> would just be a matter of time before OpenID gets a bad rep for attracting 
>> spam, and everyone switches back to disposable IDs again, or abandons 
>> OpenID altogether.
>> This is the same argument as to why it is not a good idea to post your 
>> email address, IM screenname, or phone number online, especially if its on 
>> some random RP that you're not all that familar with.
>> For OpenID to succeed, it is very important that the early adopters think 
>> very carefully about these issues, or else OpenID could develop a poor 
>> reputation,  preventing its widespread adoption.
>> Allen
>> Chris Messina wrote:
>>> Perhaps the better way to think about this is as a personal OpenID
>>> alias? So rather than publishing it all over the place, an iDP might
>>> offer "phone number aliasing" to help people remember their openids...
>>> So say I sign up on JanRain and add my phone number -- which is
>>> confirmed by SMS or callback code system... Perhaps I could then use
>>> [phonenumber].myopenid.com to login... Just a thought.
>>> Chris
>>> On 2/7/07, Allen Tom <atom at yahoo-inc.com> wrote:
>>>> Hi Mark,
>>>> Exposing one's phone number might not be a good idea for everyone, as
>>>> griefers and stalkers would have an easy way to harass people who had
>>>> phone number based IDs.
>>>> Also, what happens if and when a phone number is recycled?
>>>> Allen
>>>> sites at thirdvisit.co.uk wrote:
>>>>> Hi,
>>>>> Shameless plug:
>>>>> http://www.openid.co.uk
>>>>> Please visit and digg if you like it!
>>>>> Cheers Mark
>>>>> _______________________________________________
>>>>> general mailing list
>>>>> general at openid.net
>>>>> http://openid.net/mailman/listinfo/general
>>>> _______________________________________________
>>>> general mailing list
>>>> general at openid.net
>>>> http://openid.net/mailman/listinfo/general
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20070207/ec559163/attachment-0002.htm>

More information about the general mailing list