I'd say Mozilla's Persona delivers it best:<p>* Mozilla doesn't have any information on you<p>* Mozilla doesn't store your password if possible, and instead falls back to your email provider (but they do NOT learn which site you logged into)<p>* It can eventually be decentralised and browser-integrated (though this may have been abandoned)<p>* The site only knows your email address<p>I can't remember, but I don't know if Mozilla knows which sites you log into, either.
OP here. Excited to start showing this stuff to the world. We think identity and login are really broken today, especially on devices that are becoming smarter (mobile, TV, etc.), and we are hoping to provide a solution that lets you take an identity with you wherever you want/need it.<p>Since we're not a social network, we can avoid a lot of the risk and confusion about how to use the product without accidentally sharing too much information, and really focus on building a first-class identity product.<p>We're happy to answer questions if you have them. There's more to come, soon!
I'm excited for the possibilities this opens up, but I have some questions.<p>How does this service pay for itself? If its not a for-pay service how can I know you're not trying to amass a database of info to resell to marketers?<p>I like the idea of anonymous login, but how anonymous exactly is this? Of course I have to auth to your site so you know my IP, how long do you keep logs for? If I don't login for 6 months can I rest assured that my IP is gone from your logs and can't be tied to my account until I auth again?
Why would successful developers and publishers integrate Hoomi?<p>Is user demand for Hoomi their only incentive? Or is there a positive benefit for them as well?<p>If the former, it's not clear why developers would rush to support it until it accumulates a very large and uncompromising user base; and building that user base will be hard without a lot of apps/sites already integrating it.
<i>We even move the “Cancel” button up to the corner and out of the main authorization experience because the risk is so low</i><p>I don't care how good anyone thinks their product is, it does not justify implementing a dark pattern like this.
I'm going to be a bit blunt maybe, but this is my response to this 'yet another single sign on mechanism' post<p>- Who is Hoomi, and why should I trust them with credentials for other sites?<p>- Who is using this already, and why will users trust this? Any big names?<p>- How long will this project live? How is it funded?<p>- Do you know that your logo looks way too much like utorrent's, but upsidedown?<p>- Has this been battle-tested against hackers?<p>I'm sorry, but i'm not excited.
Why not take this all the way? Why require e-mail and/or cell phone?<p>You could also distinguish yourself vis-a-vis persona which requires an e-mail address.