I can't find the list of candidates at openid.net (I might have to be
a member just to see them?), but if Peter Watkins' name is there, I
endorse him on the strength of privacy awareness (4 out of 5 posts,
recently, just left me impressed).
Isn't there another privacy issue here -- that the central discovery service
learns what RP sites the user visits? It's not just that I don't want any old
RP knowing what OPs I'm logged into (OPs leaking info to RPs), I also don't
want mega-OPs like Google discovering what RP sites I frequent (RPs leaking
info to OPs).
So, if I follow some link (or am in an embedded iframe) to read an
article that happens to be on the NRA's website, Google (if acting as
my OP) could then receive a notice that I might want to *log into*
the NRA's website, misprofiling me and serving up targeted
advertisements based on my apparent interests? (Change each instance
of "NRA" to something embarrassing and/or NSFW to get me ostracized
and/or fired.)
-Shade
_______________________________________________
specs mailing list
[email protected]
http://lists.openid.net/mailman/listinfo/openid-specs
