Category: identity

identity, mozilla, web3 Comments

getting web sites to adopt a new identity system

benadida

My team at Mozilla works on Persona, an easy and secure web login solution. Persona delivers to web sites and apps just the right information for a meaningful login: an email address of the user’s choice. Persona is one of Mozilla’s first forays “up the stack” into web services. Typically, at Mozilla, we improve the Web by way of Firefox, our major lever with hundreds of millions of users. Take asm.js, Firefox’s new awesome JavaScript optimization technology which lets you run 60-frame-per-seconds games in your web browser. It’s such a great thing that Chrome is fast-following. Of course, Chrome also … Continue reading getting web sites to adopt a new identity system

identity, mozilla, security3 Comments

Identity Systems: white labeling is a no-go

benadida

There’s a new blog post with some criticism of Mozilla Persona, the easy and secure web login solution that my team works on. The great thing about working in the open at Mozilla is that we get this kind of criticism openly, and we respond to it openly, too. The author’s central complaint is that the Persona brand is visible to the user: It [Persona] needs white-labeling. I know that branding drives adoption, but showing the Persona name on the login box at all is too much; it needs to be transparent for the user. Most of the visits to … Continue reading Identity Systems: white labeling is a no-go

identity, mozilla, privacy, web4 Comments

Firefox is the unlocked browser

benadida

Anil Dash is a man after my own heart in his latest post, The Case for User Agent Extremism. Please go read this awesome post: One of my favorite aspects of the infrastructure of the web is that the way we refer to web browsers in a technical context: User Agents. Divorced from its geeky context, the simple phrase seems to be laden with social, even political, implications. The idea captured in the phrase “user agent” is a powerful one, that this software we run on our computers or our phones acts with agency on behalf of us as users, … Continue reading Firefox is the unlocked browser

identity, mozilla, web7 Comments

the Web is the Platform, and the User is the User

benadida

Mid-2007, I wrote two blog posts — get over it, the web is the platform and the web is the platform [part 2] that turned out to be quite right on one front, and so incredibly wrong on another. Let’s start with where I was right: Apps will be written using HTML and JavaScript. […] The Web is the Platform. The Web is the Platform. It’s going to start to sink in fast. […] Imagine if there’s a way to have your web application say: “please go pick a contact from your address book, then post that contact’s information back … Continue reading the Web is the Platform, and the User is the User

identity, mozilla, privacy, security, web

connect on your terms

benadida

I want to talk about what we, the Identity Team at Mozilla, are working on. Mozilla makes Firefox, the 2nd most popular browser in the world, and the only major browser built by a non-profit. Mozilla’s mission is to build a better Web that answers to no one but you, the user. It’s hard to overstate how important this is in 2012, when the Web answers less and less to individual users, more and more to powerful data silos whose interests are not always aligned with those of users. To fulfill the Mozilla mission, the browser remains critical, but is … Continue reading connect on your terms

identity, personal, web

BrowserID and me

benadida

A few weeks ago, I became Tech Lead on Identity and User Data at Mozilla. This is an awesome and challenging responsibility, and I’ve been busy. When I took on this new responsibility, BrowserID was already well under way, so we were able to launch it in my second week on the project (early July). It’s been a very fun ride. Here’s the BrowserID demo at the Mozilla All-Hands last week: Given my prior work on email-based authentication (EmID, Lightweight Email Signatures, BeamAuth), you might think BrowserID was my brainchild. In fact, it really wasn’t. And, in a testament to … Continue reading BrowserID and me

identity, privacy, web6 Comments

and the laws of physics changed

benadida

Google just introduced Google Plus, their take on social networking. Unsurprisingly, Arvind has one of the first great reviews of its most important feature, Circles. Google Circles effectively let you map all the complexities of real-world privacy into your online identity, and that’s simply awesome. You can think of Circles as the actual circles of friends you have. The things that are easy to do in real life, like sharing a fun anecdote with the friends you generally go out with on Saturday nights, are easy to do in Circles. The things that are hard to do in real life, … Continue reading and the laws of physics changed

identity, privacy, security2 Comments

The evolution of OpenID: you’re not a URL after all

benadida

The US government has just announced a pilot program to integrate OpenID (and Information Cards) into public government web sites. This is very interesting news, as it will likely catalyze even greater OpenID deployment and use. [I’ve poo-poo’ed OpenID here and here, because of phishing and privacy concerns. I’m still very worried. I’ve suggested ways to defend OpenID against phishing, and I helped Creative Commons deploy a privacy-conscious OpenID service.] What’s fascinating to me is the evolution of OpenID. The pitch used to be “log in with your URL.” The backend protocol was cool, but it didn’t really matter. Authentication … Continue reading The evolution of OpenID: you’re not a URL after all

crypto, identity, personal, security, web27 Comments

Don’t Hash Secrets

benadida

Building secure systems is difficult. It would be nice if we had a bunch of well-designed crypto building blocks that we could assemble in all sorts of ways and be certain that they would, no matter what, yield a secure system overall. There are, in fact, folks working on such things at a theoretical level [Universal Composability]. But even if you had these building blocks, you would still have to use them in their intended way. A component can only be secure under certain well-defined circumstances, not for any use that happens to look similar. One area of secure protocol … Continue reading Don’t Hash Secrets

identity, privacy, web4 Comments

Open(Social) Will Win ; and now Privacy?

benadida

If you’re hooked into the social networking world, you know about Facebook and the Facebook platform, which lets developers create all sorts of applications that make use of your Facebook social network in interesting ways. Flixster, for example, lets you share and compare your movie tastes with your existing Facebook friends. No need to reconnect to your friends in every web-based application. But there is one problem: if you write a Facebook application, you’re pretty much stuck with Facebook. Facebook never lets the application see the user’s email address or Instant Messenger account name, or any other fields that would … Continue reading Open(Social) Will Win ; and now Privacy?