[tor-talk] Mozilla Persona and Tor
Guido Witmond
guido at witmond.nl
Thu Mar 28 23:10:33 UTC 2013
On 03/28/2013 08:55 PM, Mike Perry wrote:
> Thus spake NoName (antispam06 at sent.at):
>
>> I have heard in the past about Persona. Actually BrowserID. It
>> sounded like a bad idea, but I can't recall why I have set this
>> oppinion.
I guess, you perhaps should read on...
>
> I actually really like the privacy properties Persona *could* provide in
> theory. In theory, it can solve most (or maybe even all) of the problems
> we have with third party identity providers today.
>
> There seem to be some wrinkles in practice, though.
...
>
> From my perspective the most important properties of Persona are:
>
> 1. In theory, the identity provider does not discover the sites that you
> visit. It merely issues a signed statement that your browser stores to
> later present to websites. If this property holds, it's quite awesome.
>
> 2. Sites that you visit do not get to inspect which identity statements
> you have installed. The user is prompted to send the site either zero or
> one of their potentially many signed identity statements. This is also
> awesome.
Agreed. It would be cool if it was limited to these.
In my not so humble opinion: Persona requires an email address!
Email addresses are Personal Identifying Data!
Email addresses are a scarce resource for most of the worlds' people.
Even for the enlightened few that have their own domains. Or the people
that can use xxx+<variable part>@yyy.zzz like addresses if the site and
their provider allows it.
IMHO: The only way to use Persona privately is to use a throwaway email
address for each different site.
Regards, Guido.
More information about the tor-talk
mailing list