What is Digg?Sponsored by Sony Pictures
Adam Lambert sings the 2012 theme song, “Time for Miracles” view!
whowillsurvive2012.com - Watch the Adam Lambert music video for the 2012 theme song. See 2012, in theaters Nov 13
117 Comments
- canewediggit, on 10/12/2007, -9/+128ok, someone explain to me why openid benefits me as a user, not just of digg but the net in general. because i read through their site, i read the proxy link site someone put in the comments, and i still don't get it. flame away if you must, but i'd appreciate a real response.
- s1rk3ls, on 10/12/2007, -3/+112It means you don't have to create another account at another website - just enter your open id user/pass and those details are provided for you, saving you the time. If you don't like it, don't use it.
- OutrightLie, on 10/12/2007, -5/+40OpenID is a nice idea because it becomes like Microsoft's Live Accounts. You can integrate your site, and have a user login feature to get to more portions of your site, but the user doesn't have to be concerned with security, because their passwords never touch your server. It is better than Microsoft Live Accounts because if you no longer feel comfortable with leaving your user name and password on a server, you can remove it and switch to any number of providers.
And because you already signed up with a provider and given them your information, it saves you going through the sometime lengthly sign up process on some sites. - dtd00d, on 10/12/2007, -9/+41Oh man it's a digg-me-down party!
Can I get invited? - dburka, on 10/12/2007, -3/+22Sure, that's a natural response to something that brings all of your data together. Some people will want to track everything under one umbrella, some people will want to keep their identities separate and as private as is possible on the internet. OpenID will be optional, so both groups of people will be satisfied.
- sporkmonger, on 10/12/2007, -1/+19@shakin
Doesn't work that way. With OpenID, the login is on a remote site, not on the page you're trying to access. The site that you're signing into never sees a password, rather, it gets a verification from the remote site that you are who you say you are. So apart from a phishing attack, OpenID is pretty immune to that sort of thing. That said, I'm reasonably confident that OpenID would be unusually vulnerable to careful phishing attacks, but that vulnerability won't be there for long if OpenID picks up any more steam since browsers will begin detecting that sort of phishing attack as well.
edit: heh, this reponse makes less sense now :-P - robeyscs, on 10/12/2007, -10/+26Or.... it gets things i may truly want to buy in front of me instead of crap I could care less about! Look at it both ways... sometimes targeted marketing is good for both the consumer and the retailer...
- jamester, on 10/12/2007, -1/+15One thing to consider is that Digg supporting OpenID does NOT require that YOU use it. If you don't like it, fine. If you do, great.
Have your cake and eat it too.
Personally, I dig OpenID because I -don't- want to share a bunch of personal info with many different sites. - PAJK, on 10/12/2007, -1/+14OpenID is like a Wiki, in that it's so radically different, people just don't get it. It is the complete opposite of what most of you here (who are getting dugg up!) think it is.
It is the OPPOSITE of all your eggs in one basket. You can change your basket whenever you like, and your OpenID login will remain the same. It is open, and changeable in every single way. Hence the "Open" part. - DavidPP, on 10/12/2007, -1/+12You guys don't understand ... with openID you DON'T have to give your info to every website you want to comment/post on. You just give an url that is your and the website know it's you without having to stock your private info like your password ...
- inactive, on 10/12/2007, -4/+14Microsoft Passport sucked. why is this going to be diffrent?
- tfinniga, on 10/12/2007, -2/+11Yeah, I doubt that OpenID will be mandatory. But personally, I can't be bothered to remember a different username/password on each website that I visit, so I use the same one.
Perhaps the system is more for people like me than people like you. - tfinniga, on 10/12/2007, -2/+10You should do a little reading on it first. You can run your own OpenID server - an OpenID is just a URL.
Perhaps you were thinking of MS Live ID. Or MS .NET Passport. Or MS Passport. Or whatever it was called before that. - bcardarella, on 10/12/2007, -4/+12I'm still up in the air about OpenID... it sounds like a good idea but much like @toscadisco I believe it has a great possibility of being exploited to track my traffic.
For those that have no idea about OpenID:
http://www.youtube.com/watch?v=Vq0R1Y1A2rE - ToscaDisco, on 10/12/2007, -28/+34There's no way I'm using OpenID. It looks to me like it has the potential to be yet another way for sites to track my on line habits - so they can better work out how to sell me all the pap I don't know I need. Why do I need another tool in the advertisers arsenal - I already provide them cookies and 3rd party web bugs and javascript tracking.
***** (yep that means you).
The more statistics you give the world on how you react to different advertising stimuli, the easier it is for them to manipulate you into buying their crap - this is going to allow much broader tracking. Every site you go to that needs authentication sends you to your authorizing site and back again. Great. - mprasad, on 10/12/2007, -0/+6There's a Open Discussion on OPEN ID via SkypeCast going on tomorrow @ 4pm PST. It includes some people from AOL, Microsoft, and a few other people involved in OPEN ID. It'll be an open forum so anyone can ask questions. If you're interested in showing up, check out www.idcast.org (site is being put up today).
To clarify a few things I've been hearing on here, the concept of OPEN ID is that it's decentralized and there will be many providers. Currently the source for most providers is open so anyone can see whats going on. It gives you a choice on controlling your identity, and more control on who sees what. Also, there IS work being done on security, and a lot of us are hoping to see increased security features to be come available. Bottom line is that there needs to be, and if adoption of OPEN ID is good, then there will be. Any OPEN ID provider can build on the technology, and someone WILL do it, provided theres enough reason to do so.
Either way, with some many recent providers adopting OPEN ID, its definitely something to be paid attention to. Come to the Skypecast tomorrow, ask questions. idCast.org is trying to create an open forum so you guys can help shape what happens.
Hopefully I'll see some of you there! - bobothn, on 10/12/2007, -3/+9One username one password
Username=bugmenot
password=bugmenot - jamester, on 10/12/2007, -1/+7I don't see it as a monumental waste of resources. How would it be?
Firefox's built-in password manager is great if you always use your own computer, but I don't see that as directly relating to OpenID. - sporkmonger, on 10/12/2007, -1/+6@everyone who is worried about OpenID being used for tracking
The only site that can track your usage of the ID with any level of effectiveness is the identity provider, and because you choose the identity provider, you have much, much more control than a lot of you are assuming. In fact, you can run your own identity server if you want, just for your own site. Takes a bit more work, sure, but the option is there, and the software to do it already exists. The only other way to track OpenIDs is for sites to cooperate and share information between databases, and that's something that can be done right now in the absence of OpenID -- just merge user information on the email address instead of the user id. - rende, on 10/12/2007, -0/+5Whats the best way to run your own openid server (one user)?
- canewediggit, on 10/12/2007, -7/+11thanks for responses. i guess it makes sense if you want the same info to be part of your account on everything you sign up for. personally, i don't see myself using it.
- Soapbar, on 10/12/2007, -0/+4Its a great idea and with the different services that have announced support. Its makes the chances better that OpenID gets a large userbase.
There seems to be a big of confusion about what it actually is so I'll try to sum it up in a sentence.
"Having a universal login for everysite that adopts the OpenID system" - sporkmonger, on 10/12/2007, -3/+7@Vann
Yes, OpenID is decentralized, but it does not prevent tracking by sites that decide to cooperate. You're using the same identifier on both sites. Before, they could simply guess that "sporkmonger" on digg was the same as "sporkmonger" on Slashdot, but with OpenID, you know for sure. That said, cookies are still a much more useful form of tracking than OpenID EVER will be. The original poster is being more paranoid than necessary. - mikebrowne, on 10/12/2007, -1/+5I signed up. If enough sites implement this it will be great otherwise it's just more noise. That Digg has chose OpenID is a good sign. I have at least 100 logins and passwords to remember (thank goodness for Firefox's password keeper).
I too am not keen on one place having all of my surfing information, but it's better than those darned sneaky cookies. At least I have a choice in the matter. - sporkmonger, on 10/12/2007, -0/+3OpenID has little to do with email addresses, and more to do with preventing every site you log into from having your password. If you used "thenik" to log into Capital One, and you used "thenik" to log into digg, and if Kevin were less scrupulous and he didn't encrypt the passwords in his database, he might try logging into Capital One with the same password you used on digg. Obviously, Kevin's a nice guy, and he'd never try that, but that doesn't hold true for everyone. And obviously, not everyone is dumb enough to use the same password on Capital One as they use on digg, but there are a lot of digg users. And at least some of them ARE dumb enough. OpenID is an authentication system that allows users to sign into sites without giving them a password.
- sporkmonger, on 10/12/2007, -0/+3That's not actually 100% true. Yes, that is the case for the base protocol, but the protocol allows extensions, and one of the most commonly implemented extensions is the profile exchange extension. And frankly, I'd be willing to claim that in many cases, OpenID is more secure than what some banks use. Certainly more secure than what my old credit union used anyways. (username was the account number, which was of course, printed on every check I wrote, and passwords were numeric-only, 4 digits.) I'd much rather have had my bank using OpenID than that setup.
Think about it this way: OpenID puts security in the hands of the people who AREN'T incompetent. - Wyzard, on 10/12/2007, -0/+3Indeed, however AOL got that information, it has nothing to do with OpenID, because Digg doesn't support OpenID yet.
Once Digg does support OpenID, if you were to *voluntarily* associate your AOL OpenID with your Digg account and then log into Digg with it, then AOL would know that you've logged into Digg. But only if you choose to do that. (And even then, I don't think they'd be able to see your Digg username -- that's Digg-specific info that's not part of an OpenID login.) - vann, on 10/12/2007, -5/+8OpenID is decentralized which means there's no reliable way to collect data on users. You authenticate against servers you trust and it is only with those servers that your user data is stored.
If Digg were to implement OpenID neither they nor the OpenID provider would be able to get more information about you than you're already giving. - Atomic1fire, on 10/12/2007, -0/+3what happens when .net breaks
at least with openid
you have multiple providers for the same services (certain services let you list multiple providers on one account so in case your provider goes down you have a backup - mointrigue, on 10/12/2007, -0/+3@GoatBnn
Because it is decentralized. If you decide you don't like your provider you can always delegate to a new one or host your identity provider yourself. - sporkmonger, on 10/12/2007, -0/+3http://www.openidenabled.com/openid/libraries
Any of those should let you run your own OpenID server. - bobmcsmith, on 10/12/2007, -1/+4"What happens if someone gets hold of your OpenID password and username - wouldn't that mean they could log in as you ANYWHERE supporting OpenID?"
If you use a good provider than you can report the issue and they can revoke the account (thus making the ID invalid). That's where the centralized account concept comes in handy, in fact its probably safer than if you used separate accounts but with the same username and password at each site, if you lose that password you have to report it to every other site. - sporkmonger, on 10/12/2007, -0/+3Yeah, but if you do have your own domain, you can easily use it as a proxy of sorts for another provider. For example, my domain, sporkmonger.com, has a tiny bit of HTML in the header that instructs OpenID consumers to use Verisign for my OpenID. But when I log in to a site with OpenID, I don't have to type in the huge fricken Verisign URL, instead I type in "sporkmonger.com" and I'm set.
- bcardarella, on 10/12/2007, -2/+5@sporkmonger: I guess the big problem I have with OpenID is that I feel like I'm putting all of my eggs into one basket. Let's say I create an OpenID through a provider and then create accounts on my 10 favorite websites. Things are great, I log in once and can seamlessly move between my sites... then one day (hypothetical) my OpenID provider goes down. Now I can no longer access my accounts on those other sites, at least that is how I understand OpenID to work.
Furthermore, what if my OpenID provider gets bought out? If I were a marketing agency and I saw that there were only a few websites that kept extensive data on the traffic of many other websites I would see dollar signs; I find it difficult to believe that someone wouldn't sell out.
But in the end I guess it doesn't matter as long as I still have the option of chosing how I want to log into a website. - solarpowered, on 10/12/2007, -0/+2@kveton: Yep, great work there at JanRain, I've been watching.
I just hope that OpenID doesn't "get ahead of itself" by being adopted without these kinds of improvements, and negative things happen that turn people off to it.
It is about to be adopted at Digg, but strong authentication is obviously not needed.
The idea that OpenID (base) only provides a non-unique identity today bugs me. IOW, someone can use the same identity, if they can create it... .which the can at a site that would resemble bugmenot.com
Just wait 'til it happens at Digg.... - bobmcsmith, on 10/12/2007, -1/+3It's been around for a little while but its starting to pick up steam now that companies like Microsoft are on board for working with it
- sporkmonger, on 10/12/2007, -0/+2I've got no explanation for you, because your description is more than a little difficult to understand, but I do know for sure that that's not how OpenID works. Besides, RTFA -- digg hasn't implemented OpenID yet. They're merely planning to. Seriously though, see my comment above on why OpenID doesn't make you more trackable than before.
- Atomic1fire, on 10/12/2007, -0/+2what happens when you need to use another computer
thumb drive with portable firefox? to valuable and it could get stolen
openid is a cross site id yeah but its not owned by one company everyone and anyone can be a provider - jamester, on 10/12/2007, -1/+3You do not need your own domain or blog to use OpenID - there are several different OpenID providers, including http://www.myopenid.com - although some weblog providers (ie: Vox.com) are already functioning as OpenID's.
- macewan, on 10/12/2007, -1/+3@GoatBnn, Besides not being passport?
I applaud their adoption. - osuguy, on 10/12/2007, -0/+2A new podcast/skypecast about OpenID that will be going on tomorrow. It includes discussion from some of the architects of the OpenID standard, and someone from AOL talking about their support. I would really push some of you that want to know more about OpenID, and have questions to listen to the Skypecast tomorrow, you can participate and ask any questions directly to the people that know. This isn't spam, their aren't even any ads on the site, it is setup just to get some of the rumors dispelled. Thanks Guys. The address is http://www.idcast.org
- sporkmonger, on 10/12/2007, -1/+3@bobmcsmith
Exactly. I personally use Verisign, because it's well written and gives you more control than most of the other OpenID setups, they basically open-sourced the code for their server, and because I know the guys who wrote the code IRL ( http://eastmedia.com/ ). But yeah, OpenID is a good thing... not sure why everyone is so worried about it. - OBKenobi, on 10/12/2007, -1/+3So how do we transfer our existing accounts to OpenID?
- kveton, on 10/12/2007, -0/+2@solarpowered: to stop that phishing/man-in-the-middle attack, don't use a bad provider. bad == provider that doesn't use SSL or employ other anti-phishing technologies like SafeSignOn and using a personal icon. Also, the recent announcements by Microsoft and Mozilla mean there will be a better way to authenticate (i.e. not just entering a password into a form in a web page).
In an effort to shamelessly plug MyOpenID, you can read more about how we've been working to solve these problems here:
http://kveton.com/blog/2007/01/24/myopenid-new-anti-phishing-tools-available/ - webonics, on 10/12/2007, -0/+2Awesome! With AOL, Microsoft, Yahoo, Digg and others adopting OpenID, I think may have a real chance at viability and really saving us all some major time and trouble!
- bobmcsmith, on 10/12/2007, -1/+3Well, in that case its a matter of picking the right provider. If you go to a provider that doesn't require a password (or any other authentication), as in your idea for bugmenot, then you have to be aware that it is not secure. This is good for the people who use bugmenot because that's the point, but you would never use a bugmenot OpenID at your bank (for example). So its up to you to pick the provider that suits you. It's not a flaw in the system, in fact its a feature because OpenID doesn't care about how the provider authenticates you, just that it does.
This also answers some of the questions about banking sites, sure you could use an OpenID provider with no encryption to log in to your bank but that's your choice. You could also use a hardened high-security provider which uses Smart Cards, Biometrics, and all sorts of fancy authentication technology, its up to you how secure you want to be. - osuguy, on 10/12/2007, -0/+2@solarpowered
Enterprise level support is already rolling out for OpenID, banks are looking at using it. I'm not sure where you received this information, but it is obvious if you go to http://www.sxip.com and look at the products. OpenID allows other mechanisms to work in a unified way. You will see this at banks, it will just most likely be a hybrid of OpenID and another secure technology.
Think of OpenID as an enabler for the next secure authentication system. - bobmcsmith, on 10/12/2007, -1/+3@sporkmonger:
That is true, but then its just a matter of picking providers (or implementing your own) that do not track your visits. - HappyScrappy, on 10/12/2007, -0/+1bobmcsmith:
You missed the point.
In OpenID, you implicitly trust the identifiers to do a good job. I can easily make one that doesn't though. In that case, I made it myself, probably for a reason. So I don't lose out. But Digg does. Digg is placing trust for identification in everyone who runs their own server. And in this case, they'd be getting burned. - sporkmonger, on 10/12/2007, -0/+1@bcardarella
They already thought of that. Admittedly, it requires that you have your own domain name, but it works. On my site, I've added these lines to my HTML headers:
<link rel="openid.server" href="http://sporkmonger.pip.verisignlabs.com/server/" />
<link rel="openid.delegate" href="http://sporkmonger.pip.verisignlabs.com/" />
<meta http-equiv="X-XRDS-Location" content="http://sporkmonger.pip.verisignlabs.com/user/sporkmonger/yadis" />
<meta http-equiv="X-YADIS-Location" content="http://sporkmonger.pip.verisignlabs.com/user/sporkmonger/yadis" />
Only the first two lines are really necessary, but yeah... basically that tells any OpenID consumers that if I enter "sporkmonger.com" as my OpenID, that on the backend, they should use Verisign for my actual OpenID. If I decide later that I don't like Verisign anymore because they became evil overnight or if Verisign goes bankrupt, I can switch to using myopenid.net instead, or any other OpenID provider, just by changing those headers. The transition is completely seamless -- OpenID consumers still use "sporkmonger.com" as the ID, and they're perfectly happy to use the new provider on the backend. Beyond that, as I'm mentioned in some of the other comments on this page, you can run your own OpenID server, which completely eliminates the need for a 3rd party ID provider.
Course, if you don't have your own domain, that's obviously a problem, but realistically, most of the OpenID providers are very obviously good guys, and you can pick which one you want to use, and I would not be surprised if we start seeing non-profit orgs popping up that supply OpenIDs. -
Show 51 - 100 of 117 discussions
The Digg Toolbar for Firefox lets you Digg, submit content, and keep track of Digg even when you're not on the Digg site. Download the official 
© Digg Inc. 2009
— Content created and posted by Digg users is