[OpenID] [marketing] Fwd: OpenID Spoofing

Dmitry Shechtman damnian at gmail.com
Sun Jan 14 23:43:02 UTC 2007

> For local logins, you have to follow a special link that brings you to
> the faked login page.

MySpace has a Member Login box on its front page.

> In OpenID, this redirection is built into the protocol. Even worse,
> OpenID is advertised as a system to use on as many sites as possible,
> not as a system to login to few sites the user trusts.

That's what I call hostile marketing. OpenID is a system to *use*
everywhere, not to *login* everywhere. Contrary to the described
misconception, it reduces the "few sites the user trusts" to only one.


More information about the general mailing list