[OpenID] PR: OpenID.co.uk - "MobileNumber.OpenID.co.uk" as URI

Mark Cross sites at thirdvisit.co.uk
Wed Feb 7 22:36:50 UTC 2007


Allen,

hmm this is great feedback as UK cell phone numbers don't "presently" get recycled, so I have been blindsided by my location!
With regards to transfer, I think there should be an agreement on standards to exchange profile information between OP's.

Cheers Mark
  ----- Original Message ----- 
  From: Allen Tom 
  To: Mark Cross ;     
  Sent: Wednesday, February 07, 2007 10:18 PM
  Subject: Re: [OpenID] PR: OpenID.co.uk - "MobileNumber.OpenID.co.uk" as URI


  Hi Mark,

  It is fine to give people the choice to use their phone number as their OpenID, however I do believe that it is an OP's duty and responsibility to inform their users as to why this might not be a good idea. This applies not only to phone numbers, but also to email and IM based IDs.

  While phone numbers and other personal contact information are already posted on the net, ]users are usually able to control whether or not it is displayed, and to whom it displayed to.  The new twist with OpenID is that a someone may signin to an RP using their phone based OpenID, later regret the decision, and might not have a way to delete or hide their contact info. 

  A completely different issue regarding phone based OpenIDs is that phone numbers are often recycled. Is the OP supposed to periodically verify that the user still owns the claimed phone number? What happens if the phone number changes ownership? Is the OP required to hand over the OpenID to the new owner? If so, is the original owner locked out of all the sites that where he used his OpenID? 

  I do believe that the OpenID community should develop standard guidelines and best practices regarding OpenIDs and privacy, as well as address the ID recycling issue (as this is not limited to phone numbers). These questions are bound to come up if mass adoption is ever seriously considered, and it would be beneficial to the entire community if we have consensus on the the answers before the lawyers come asking.

  Allen


  Mark Cross wrote: 
Dear Allen,

I agree with nearly all your arguements here and perhaps I need to think on 
but:

- Nobody is forcing you to use your mobile - it's your choice (& just my 
idea)
- We have phone numbers on net anyway, so what's the difference from a 
harvesting POV?

Thank you for your feedback,

Mark

----- Original Message ----- 
From: "Allen Tom" <atom at yahoo-inc.com>
To: "Chris Messina" <chris.messina at gmail.com>; <sites at thirdvisit.co.uk>; 
<general at openid.net>
Sent: Wednesday, February 07, 2007 8:47 PM
Subject: Re: [OpenID] PR: OpenID.co.uk - "MobileNumber.OpenID.co.uk" as URI


  I really believe that it is not a good idea to encourage people to use 
personal contact infomation as their OpenIDs, which applies to both phone 
number and email/IM based IDs. The reason is that spammers and griefers 
will make life unbearable for people using these IDs.

The user's OpenID will invariably be displayed at many RPs, and if the 
user's contact information could be easily determined by the OpenID, it 
would just be a matter of time before OpenID gets a bad rep for attracting 
spam, and everyone switches back to disposable IDs again, or abandons 
OpenID altogether.

This is the same argument as to why it is not a good idea to post your 
email address, IM screenname, or phone number online, especially if its on 
some random RP that you're not all that familar with.

For OpenID to succeed, it is very important that the early adopters think 
very carefully about these issues, or else OpenID could develop a poor 
reputation,  preventing its widespread adoption.

Allen



Chris Messina wrote:
    Perhaps the better way to think about this is as a personal OpenID
alias? So rather than publishing it all over the place, an iDP might
offer "phone number aliasing" to help people remember their openids...
So say I sign up on JanRain and add my phone number -- which is
confirmed by SMS or callback code system... Perhaps I could then use
[phonenumber].myopenid.com to login... Just a thought.

Chris

On 2/7/07, Allen Tom <atom at yahoo-inc.com> wrote:
      Hi Mark,

Exposing one's phone number might not be a good idea for everyone, as
griefers and stalkers would have an easy way to harass people who had
phone number based IDs.

Also, what happens if and when a phone number is recycled?

Allen


sites at thirdvisit.co.uk wrote:
        Hi,

Shameless plug:

http://www.openid.co.uk

Please visit and digg if you like it!

Cheers Mark
_______________________________________________
general mailing list
general at openid.net
http://openid.net/mailman/listinfo/general

          _______________________________________________
general mailing list
general at openid.net
http://openid.net/mailman/listinfo/general

                  
_______________________________________________
general mailing list
general at openid.net
http://openid.net/mailman/listinfo/general
  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20070207/5846d2c4/attachment-0002.htm>


More information about the general mailing list