Hacker News new | past | comments | ask | show | jobs | submit login

I don't want to let server S know which sites I have an account to. Also, I don't trust server S.

And as if that wasn't bad enough (which it is) it is a single point of failure both in terms of security and availability.




The role of server S would be analogous to that of your email server, which you already trust. Just like email, it would be a decentralised system - with numerous public providers, as well as servers that organisations and individuals have set up themselves.

You could also have multiple accounts with different S servers, e.g. one for work and another personal use.

I agree with the single point of failure regarding availability - if your authentication server is down, you won't be able to log into anything. Though we already have the single point of failure with the existing system, in that once someone has your email password, they can obtain password reset messages from any site that you've registered on with that account.


So you gladly replace that single point of failure with two points of complete failure? You can't conceive of any problem with that reasoning?

You could also have multiple accounts with different S servers, e.g. one for work and another personal use.

If I was forced to use such a service I'd make a service that made it easy to automatically create one "S-server account" for each "real" account and continue to use passwords for those accounts as if nothing had happened.

In practice, BrowserID doesn't solve anything for me - at the cost of reduced security, availability and integrity - as well as forcing me put trust in a third party.

There is a huge difference between my mail server and the S server. If someone uses my mail to reset passwords I will notice, since my credentials won't work anymore. Also there are different levels of security, I value my mail account more than say my account on hacker news. Which I haven't even entrusted with my mail-address - love that you don't have to supply even a fake one and considering that I don't forget my password (or allow anyone to hijack my session) I can't possibly gain anything from supplying it.

Which is the key point, rather than me not trusting ycombinator there is just no incentive for me to supply it - so why should I? Maybe ycombinator gets hacked and my mail gets leaked, I might thus end up with spam - no need to take that miniscule risk when there is nothing to gain. Just as I see no reason to link independent accounts together with a service such as BrowserID.




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: