Yahoo Backs OpenID. And, So?

Posted by: Rob Hof on January 17, 2008

So every techie around the globe is just tickled to death that Yahoo has backed OpenID. But how many people actually know what it is, let alone why they should care?

Oh, I think it’s potentially quite important: a way to carry a consistent digital identity across the Web, so you can reduce or eliminate the need to sign in dozens of times at various sites you use. OK, but obviously that hasn’t kept a whole lot of people from using the Web. And that’s why some people rightly point out that this could be a solution in search of a problem that most people don’t really care that much about.

Call me cynical, but I’m also a little suspicious of the unbridled enthusiasm of so many Web companies for something that will identify us all around the Web. As the OpenID site puts it: “With OpenID, you create a single username and password, along with some data about you.” (Italics added.)

My question is, what kind of data? There’s something of an example here. And to OpenID’s credit, the notion here is to give users control. But will they take it? I suspect many people will not. For instance, if you’re on AOL, did you know you automatically have an OpenID profile now? Most people online are pretty lazy when it comes to maintaining control of their data online.

Seems to me that once OpenID data starts to include things on sites we visit, marketers are going to get very interested. Today, they must resort to pretty arcane methods, from behavioral targeting to cookies, to divine our apparent interests. Is some of the push behind OpenID because marketers think it will be a dandy way to target people with ads or pitches better? If so—and I could be wrong on that, since the people behind OpenID seem to have noble motives—I wonder if people already a little creeped out by targeted ads will find OpenID more of a problem than a solution.

Reader Comments

John Furrier

January 17, 2008 4:38 PM

Good read, Rob, on the ad benefits. To me it's a step in the right direction (a crack in the door that has been shut for years). Yahoo's openness has to enable a positive user experience; then the real advertising benefits will arrive.

I'm expecting a big move from Yahoo. I have the feeling that this announcement is the pretext to something bigger coming. Yahoo has to put themselves in the social networking business and they need to do it fast.

This is a great first step for Yahoo to take. Let's see if this can be a rising tide for the web 2.0 industry.

Brandon W

January 18, 2008 10:30 AM

I am about as sick of advertising on the Web as anyone, but it's clearly here to stay. You could look at this as a benefit. Having an OpenID that also stores my preferences and tastes would mean that - if I'm going to have to put up with advertising anyway - at least it will be more relevant. There is definitely an enormous appeal to a single sign-in, as well. Personally, I already have an OpenID that I purposely sought out and created, and I wish all sites used it.

Sean A

January 18, 2008 11:02 AM

I believe OpenID is a great idea, but what would you do if more than one person uses the same login? Also, having to log in to each secured site might be better due to better security then. If you forget your login information....usually it only takes a couple minutes or so to get it thru some personal verification.

OpenID would be open to hacking and it would pose a great security risk. The hacker would have access to all things instead of one of your accounts.

I think with due time and tweaking of OpenID....it may become more secure than it already is and safer. As of right now....PRONE TO HACKING WHICH WOULD ALLOW ACCESS TO ALL YOUR LOGIN ACCOUNTS WITHOUT MUCH EFFORT.

Sean A.

January 18, 2008 11:08 AM

OpenID does sound interesting and I would like to see how it would be secure enough and what upgrades or modifications would be made in the future.

RIGHT NOW....

A hacker would only have one place to get into to have access to all stored account info instead of just one of your accounts.

I think with due time and tweaking of OpenID…..it may become somewhat more secure than it already is and safer. As of right now…..PRONE TO HACKING WHICH WOULD ALLOW ACCESS TO ALL YOUR LOGIN ACCOUNTS WITHOUT MUCH EFFORT. Needless to say....this right now would be a streamlined way for a hacker's dream.

Mikel M

January 18, 2008 12:08 PM

I think that there is a bigger potential that is being ignored here.
I can see a point where a single ID for the Internet becomes a social norm and no one will trust anyone that is not using it. After that it could even become a requirement or even law.

I know that all the conspiracy people will now start to scream about big brother now.

But I think that too often people use the anonymous nature of sites to hide behind. When people have the same ID no matter where they go I think they will be a little more mindful of the things they do and say on the Internet.

I for one would like to know if a post or blog is being written by someone with an agenda or if it is an honest opinion. How can you trust what anyone posts when you have no idea if they are who they say they are?

Of course people should always be able to post as anonymous if they want to. But then we would all at least know it at that point instead of someone hiding behind an ID they will use for a week and then create a new one.

STEPHEN

January 18, 2008 12:57 PM

Didn't MSN already try this??? Good luck...

Chris

January 18, 2008 1:19 PM

I agree.
One-stop shopping for the Identity Theft professionals.

Kind of reminds me of a skit from an old Comedy show a few years back.

"we gots car alarms, car ste'eos, and if ya act now, we can prolly git ya th car!"

"Here at OpenID we gots usernames, passwords, and if ya act now, we can prolly get ya the social security number!"

Alex Barnett

January 18, 2008 1:57 PM

Reading through the comments shows a lack of understanding of what OpenID is.

Example: This comment by 'Chris': "One-stop shopping for the Identity Theft professionals." Chris - that's precisely what OpenID isn't - there is no one data store controlled by a single entity, it is a distributed system.

Read up.

Chris

January 18, 2008 2:23 PM

Alright, so my username for gmail is ACB123 and my password for gmail is 321CBA.

With OpenID, I just log into my OpenID account and navigate to gmail. Gmail recognises me by signing me in automatically using OpenID or Live! or whatever "reduced sign-on" technology is the flavor of the day.

Am I to believe that no system has a link between my OpenID information and my Gmail information?

Of course there would need to be some type of link, secure or not, between my GMail account and my OpenID account. Otherwise, Gmail wouldn't know the difference between you and me.

Point being, if I have my GMail, Compass Bank, AMEX and CitiBank accounts linked thru OpenID ... and my OpenID information is compromised (via whatever distributed system was hacked) then by default, my personal account information is also compromised.

Logic is logical, and logic dictates.

puttputt

January 18, 2008 2:32 PM

Brandon W. and Mikel M. work for OpenID. As Mikel M. puts it

"When people have the same ID no matter where they go I think they will be a little more mindful of the things they do and say on the Internet.

I for one would like to know if a post or blog is being written by someone with an agenda or if it is an honest opinion. "

So openID is basically a way to censor you and know your thoughts.

I wonder if Mikel M. could elucidate us on OpenID's "agenda".

Brandon W

January 18, 2008 2:43 PM

PuttPutt, uh, no, I don't work for OpenID or any company that promotes it. At least not yet. And I'm not sure what concern you have with accountability. What are you trying to hide?

Chris

January 18, 2008 2:48 PM

Oh yeah. I made an OpenID account too.
it's "CK" as in - my initials.

While I'll admit, I did not delve deeply into all the other sites linked, I just wasn't very impressed at all.

Looked like a stripped down mySpace website for the most part.

I still do not feel comfortable with reduced sign-on technology, not without other security measures in place.

The Government used Reduced Sign-on all the time, but keep in mind, when they use it, it's in conjunction with a Smart Card/Reader combo that requires not only the card, but also a 4-8 alpha/numeric "pin". For more secure areas the Smart Card is used in conjunction with a username and password. For the even more secure areas, Biometrical data is used.

It'd be silly to think that Best Buy will have an advertisement as such:

Buy a new Pentium dual-processor with 10/100/1000 Ethernet Controller, Smart Card Reader, Retinal Scanner, Thumbprint device, mouse, keyboard and 17" Flat Panel LCD monitor.

Which I'm sure, with all those biometrical devices the world would be more secure in this ever-growing time of Identity Theft - but really, how feasible would such devices be to the average user?!

Speaking of Identity Theft ... Of course it's a problem. You can not turn on the radio these days without hearing yet another company promising a million dollars to protect your identity. Yet another hacker scheme to get your private information. A Solution such as OpenID is like going to the Emergency Room with a 103.6* fever and being administered Chloraseptic as a remedy. (ie: does not really have anything to do with the solution, and may very well, make the problem worse).

As STEPHEN pointed out ... Didn't MSN already try this? Was really pretty pathetic. So OpenID is getting some hype because Yahoo took notice. Yahoo would do good to take some notes from Bill Gates and scrap this project before they have to start charging by the Mg for downloads on their DSL services just to pay for this useless technology.

Steve

January 18, 2008 2:53 PM

I wonder if these people are familiar with the idea of NOT putting all your eggs into one basket. I guess not.

Tina Belmont

January 18, 2008 2:54 PM

I don't recall anybody becoming excited about this idea when it was Microsoft Passport.

Tom Philo

January 18, 2008 3:12 PM

OpenID Motto:

"Hack Once - Steal Everywhere"

Sam A

January 18, 2008 3:43 PM

There is a huge lack of understanding of what OpenID is about here.

First of all, OpenID is owned by no one, run by no one, and promoted by enthusiasts. It was written by nerds who hate big brother and want to protect their security and privacy-- THAT's why it's so amazing that these companies are getting on board.

I can run my own OpenID from my computer and my bedroom and Yahoo has said they will recognize me and allow me to use their services.

No more of this jumping through hoops just to add a comment, upload a photo, or personalize some web application. With my OpenID I have my info in one place, and I use it and release it as I see fit.

With that in mind:

@Sean A
If someone hacked your e-mail, they could go to every website on the internet and use the "reset my password" function to access your account. This isn't a new issue at all. In fact, most OpenID providers are developing new ways to secure your OpenID, something that e-mail providers haven't done in years.

@Chris
With OpenID, you can use your own website (like chris.com) to log into your gmail. You can host your own OpenID from your house, or you can forward chris.com to your Yahoo OpenID, or any other OpenID server, and you can switch the server at any time. All that gmail cares about is that you log in with "chris.com". There is no 'link' between your OpenID server and Gmail, AMEX, or Citibank that you can't break or change at any time you wish. I think you might be interested in reading up on some of the info about OpenID that's already out there.

@Steven
Yes, Microsoft had Passport. The difference is that OpenID allows you to be your own Microsoft and control your own data however you wish. Even from your bedroom, if you wish.

@Puttputt
OpenID isn't a company, so people can't work for it. I'm not sure how it could "censor you or know your thoughts".

@Rob
The point is that the data that is released is under my control now. When I decide that myspace sucks, I could take my entire friends list to facebook (not today, but if this keeps up). Or I could just keep a pseudonym on my OpenID that I use for logging into my various My Little Pony forums. The amount, type, and validity of the data is up to me. OpenID just allows me to stop doing the same repetitive task of "account creation" and "account personalization" at every-single-site I want to use.

Sam A

January 18, 2008 3:51 PM

@Steve, Tom, Tina, Chris

Everyone I know (and whether you admit it or not, probably yourselves) has a primary e-mail account that is associated with multiple important websites.

How is that e-mail account secured? With a username and password?

If a hacker has access to that password, they could easily access any, and every website you have visited, and checking your past e-mails would give them a great list to start at.

Chances are, you use the same password at those other sites as well. They wouldn't even need to reset your account.

Now, what if you found an e-mail provider who used a secure, multi-factor authentication that greatly reduced hacking?

It would be nearly impossible to change your e-mail address because you'd have to alert everyone you knew.

With OpenID, that same scenario is EASY. You can switch OpenIDs on a whim. There is no "Microsoft" that locks you in with OpenID.

In fact, many OpenID providers are coming up with new ways to secure people. We're seeing innovation in an area that's been stagnant for years.

If you don't believe, check out Vidoop's www.myvidoop.com, or Verisign's pip.verisignlabs.com

Kim C

January 18, 2008 4:04 PM

I just don't know. I mean, I'm as lazy as anyone else and like the idea of not having to sign in every single time I go to another site, but OpenID still kind of freaks me out. Like Chris said, there still has to be a link somewhere between sites, opening the possibility for hackers. I don't ever click the "remember me on this computer" button when signing on to a site, even if I'm at home. It just leaves you too open. That's what I'm afraid this OpenID will do.

Steve Miller

January 20, 2008 11:47 PM

Is single sign-on worth the price of possible privacy concerns and user security breaches? Besides, there is already web automation software out there that allows you to manage your different web accounts such as Newbie Web Automation and Iopus.

Sean N.

March 17, 2008 6:25 AM

@Steve Miller

Of course it's worth it. Besides, if it can be done, it must be done! Seriously, since people COULD build the atomic bomb, it HAD to be built, REGARDLESS of the consequences.

Silly ways of thinking in our society. Just wait until OpenID gets fully fledged. Then, we'll be in trouble.


About

Bloomberg Businessweek writers Peter Burrows, Cliff Edwards, Olga Kharif, Aaron Ricadela, and Douglas MacMillan, dig behind the headlines to analyze what’s really happening throughout the world of technology. Tech Beat covers everything from tech bellwethers like Apple, Google, and Intel and emerging new leaders such as Facebook to new technologies, trends, and controversies.
