Authentication mechanisms and the way they are implemented can have bleedover into the ability of a user to maintain control of their anonymity and privacy. Has there been any writeup that explains the potential impact of Persona on privacy? Not just the impact when used as intended, but also any unintended effects?
I can't come up with any reason why this isn't going to be massive. The password problem is the single most frustrating and alienating issue I can think of for normal users.
How would I log in from a friend's computer with Persona? How about from an Internet cafe; how safe would it be?
Persona looks like something that locks you into a certain device or at least makes it harder to log in on devices that are not your own. I'd rather they made OpenID less scary (to average Joe) instead.
Are there any good descriptions for how Persona works? I can find plenty of developer documentation on this site, but I can't seem to find a good, concise description of what parties are involved and what the protocol is, etc. (Maybe I'm not looking deep enough? Anyway, thanks in advance.)
I really like the overall result of Persona when used for logging into a web site, but has anyone come up with a good way of integrating Persona login with mobile apps or APIs? I suppose mobile apps would ideally use some sort of Persona login service provided by the underlying OS, and until such a thing exists I guess an app could reimplement all the user-agent logic and load the user's login page in a webview. But I have no idea how at all I would go about designing an API for a website which uses Persona for logins.
Other than the benefit of using strong crypto under the hood, I'm not sure what benefits this has over a system like OpenID. It has about the same level of interactional complexity, and at the additional cost of requiring browser support. If we're going to have browser support anyway, I'd rather just use standard two-way SSL and put the work into developing better UI and private key distribution systems for it. It's even more secure and has a great user experience once you've set up the key in the browser and authorized it to the site.
Does Persona reveal your email address to the website that you log in to? OpenID usually doesn't reveal your email address. For example, when logging in to Google via OpenID, Google will only send back a unique identifier that means 'yes, the user has a Google account' but no other personal information. Yahoo does the same. (Of course, it's possible to use OpenID extensions to get a user's email at their discretion.) Does Persona work in the same way?