[security] MyOpenID
Martin Atkins
mart at degeneration.co.uk
Wed Mar 21 19:39:47 UTC 2007
Kevin Turner wrote:
> On Wed, 2007-03-21 at 21:01 +0200, Dmitry Shechtman wrote:
>>> http://www.google.com/search?q=allintitle:%22Identity+Page+for%22
>> Also a wakeup call for everybody with an email address in their public
>> persona...
>
> Huh?
>
> I hope I'm not over-reacting here, but we do want our users to be very
> clear on what choices they're making about their privacy on
> myopenid.com, so it's important that I understand how people are viewing
> this functionality.
>
> Was calling it a "public" persona not the right choice of words? Is the
> following documentation, linked prominently from the box you must check
> to make a persona public, at all unclear or misleading?
>
> If you select one of your personas to be your public persona,
> the Simple Registration data you provided for that persona will
> be published on your identity page.
>
> You can stop making this information public at any time, by
> unchecking the "Make this my public persona" box on the
> Registration Personas page.
>
> Right now I'm not sure who this "wakeup call" caught sleeping, or more
> importantly, how we could have prevented them from nodding off in the
> first place.
>
I agree with you that this is not really that serious an issue, but for
the sake of full disclosure it might be a good idea to include some text
to the effect of "Any information included in your public persona will
be available to search engines and potentially spammers."
More information about the security
mailing list