Mozilla tells Persona single sign-on to singularly sign off Mozilla is abandoning Persona, its attempt at single sign-on, setting a November end-of-life date for the service. The laudable idea was that instead of an SSO beholden to the likes of Facebook's OAuth, users of persona.org (originally launched as BrowserID) would get similar functionality without the privacy invasion. Users …
This was never going to fly. You need serious power to bootstrap an identity service. Basically you need to be Facebook.
Sometimes I feel like I'll never sign up for anything on the internet ever again. What I have now is all I ever will.
I have permanent sign-up fatigue, and they're all some privacy sucking, scam business model anyway.
Did you sign up for the "never sign up for anything ever again" app? It's free and we will not resell your information. Just be sure to painstakingly examine this 25 pages EULA and tick the "I agree to random terms and conditions on random agreement written by bored faceless lawyers" box on page 4 of the tabbed browsing experience (patent pending), just after your performed the priming of the SMS-based secure unlocking process in 15 steps, which enables a single-sign-on 6-factor-authentication factory-outlet-token login. After that, click on the cogwheel icon on the top right and you will be presented with the "huzzah-what?" interface that will allow you to update your personal details and present you with music preferences that you don't care about but the preferred partner discounts on ShenzenContainer-branded clothing will be worth it. Do not forget to agree to our revised cookie policy and to enable Javascript from the 15 different sites excluding cloudfront servers that we pull code from for no good reason whatsoever as our site has been optimized for this. For best experience, install Adobe Flash and this will be the last thing you will ever hear.
If you only play one character consistently then it's the same difference - your activity can still be tracked across the different sites you use, just without an actual real world identity to go with it. Although that doesn't matter to advertisers generally, they get what they want from your browsing profile, ie. what you have actually done, rather than who you say you are.
And if somewhere they can connect the persona to your credit card number then that's the ball game. Are you sure you have never exposed that link for them?
If I go to a site and they offer only "Sign in via..." and don't allow me to create an account for that site only I move on.
So many sites today only offer "Sign in via Facebook" or "Sign in via Google". It doesn't take much to work out why... The way things are going there will soon be a few networks: Farcebook, Gooble, Micro$lurp etc. rather than a single "cohesive" Internet and like streaming services you will need to subscribe to all of them to get the content you want.
> So many sites today only offer "Sign in via Facebook" or "Sign in via Google".
To be fair, I haven't seen that many of them, maybe once or twice a year (yes, I do just navigate away).
Are there sites out there doing this which are any use, or just silly sites offering no real content or service?
And thus projects are being culled. Resources of the human kind have probably been reassigned to the unemployment office. Yet this project, while unsuccessful in adoption, does not begin to plumb the depths of uselessness of Mozilla Open Badges, among others.
I looked at Persona a few years ago when the Mozilla wiki and bugzilla switched to it. Technically it's quite nice and easy to implement into existing applications. I considered creating an LDAP-Persona bridge in PHP to allow a couple of the organisations I still unofficially sysadmin for to sign in to internal stuff with corp creds, without having to making LDAP available and tunnels etc.
The downside to Persona was that it is decentralised. The money-makers of the modern web aren't particularly fond of decentralised.
I ran my own OpenID endpoint (provider?) for a while which was great apart from most services just use OpenID for initial sign-up then just keep a copy of your e-mail address etc locally anyway. Instead of storing the OpenID endpoint. It seems this is often the case with the sign-in with Google/Facebook/Twitter brigade too, you usually end up being funnelled through the process of creating a local account with the third party anyway.
Sadly there's more money in flogging e-mail addresses than OpenID endpoints or OAuth session keys.
One of the nice features of OpenID (possibly in v2 IIRC) was that you set things like usernames, forum nicknames, locations, timezones, avatars and any other metadata locally on your endpoint then the 3rd party service grabs and updates that data when you login.
Edit: I can believe I spent 10 minutes writing about Persona. I need to get out more.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
