
Google OpenID API - taking the next steps - peter123
http://google-code-updates.blogspot.com/2009/05/google-openid-api-taking-next-steps.html
======
kogir
I tried this out. Perhaps it's just Google's implementation, but if people get
used to OpenID it's going to be a phisher's heaven. It appears that any site
you log into with your OpenID could potentially proxy your provider, obtain
your credentials, and impersonate you on every other OpenID enabled site! I'll
pass.

~~~
AndrewDucker
It should be fairly obvious from the address bar if you're being proxied - it
will show the proxying site's address rather than the site you use as your
OpenID provider.

Also - I'm logged into my OpenID provider all the time, so I don't have to
enter my login details in order to use a third-party site - so they can't
actually capture anything at all.

