Discovery of an OpenID session at an OP

Peter Watkins peterw at tux.org
Mon Dec 14 19:21:09 UTC 2009


On Mon, Dec 14, 2009 at 09:48:54AM +0100, Chris Obdam wrote:

> I think there are no real privacy issues with this idea? Ok, you know from this anonymous user that he or she has an OpenID with XXX, but is that a bad thing?

Yes, it is a bad thing.

1) Privacy. I want to be in control of what information RPs have about 
me. I see how you think it wouldn't be a big deal for someone to see that
I'm logged in to Google and Flickr -- what does that really say about me,
you think? Nothing, right? But imagine a group of ideologically similar
groups deciding to implement RP+OP to make it easier for like-minded 
individuals to use all their sites without relying on some mega-OP? I
don't want the data-hungry folks at Facebook noticing that I'm logged
in to the Greenpeace or National Rifle Association unless I explicitly
approve letting Facebook know that.

2) Security. A malicious site could more intelligently target victims
if it could ascertain what sites the victim is logged into. There's no 
need to attempt some online Gmail exploit if the malicious RP can tell
that the victim isn't logged in to Google.

I would hope that 

A) OPs would give each user control over whether this discovery was enabled
for his account (and possibly to whom it was available).

B) Any spec describing this would note that the OP SHOULD give each user
the ability to disable this feature for their account and that the default
for new users SHOULD be to not provide this information.

BTW, this sounds a lot like what Luke Shepard of Facebook described wanting
to add to checkid_immediate:
  http://www.sociallipstick.com/2009/04/?y%/lets-detect-logged-in-state/
  http://lists.openid.net/pipermail/openid-general/2009-May/018232.html

-Peter
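
Points A and B above, sketched as an OP-side policy check. This is an added example, not part of the original message or of any OpenID specification; `DiscoveryPrefs`, the function names and the response values are hypothetical. It assumes the OP answers the opted-out, unlisted-RP and not-logged-in cases identically, so a refusal does not itself reveal a session.

```python
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlsplit


@dataclass(frozen=True)
class DiscoveryPrefs:
    """Per-account setting (hypothetical). Defaults follow point B: off."""
    enabled: bool = False
    allowed_rp_hosts: frozenset = frozenset()  # empty set: no RP may ask


def rp_host(realm: str) -> str:
    """Reduce the RP's realm URL to a lowercase host name for comparison."""
    parts = urlsplit(realm)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError("realm must be an http(s) URL with a host")
    return parts.hostname  # urlsplit already lowercases the host


def may_disclose(prefs: Optional[DiscoveryPrefs], realm: str) -> bool:
    """Point A: the user decides whether, and to whom, state is visible."""
    if prefs is None or not prefs.enabled:
        return False  # no stored preference is treated as opted out
    try:
        return rp_host(realm) in prefs.allowed_rp_hosts
    except ValueError:
        return False  # malformed realm: fail closed


def discovery_answer(prefs, realm: str, session_active: bool) -> dict:
    """Answer sent to the RP; every refusal path returns the same value."""
    if session_active and may_disclose(prefs, realm):
        return {"session": "present"}
    return {"session": "unknown"}


if __name__ == "__main__":
    # Constructed sample accounts and RP realms.
    new_user = DiscoveryPrefs()
    opted_in = DiscoveryPrefs(True, frozenset({"rp.example"}))
    for prefs, realm, active in [
        (new_user, "https://rp.example/", True),
        (opted_in, "https://rp.example/", True),
        (opted_in, "https://other.example/", True),
        (opted_in, "https://rp.example/", False),
    ]:
        print(realm, active, discovery_answer(prefs, realm, active))
```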


