Here's a good one. Last night I did a Skype chat interview with a Register (and Wired and AP) journalist about 419 scams on the Social Network where I'm CTO. I asked him "How do I know that I'm talking to the reporter you say you are". Especially when his Skype profile is empty and he has only 3 contacts in Skype. Proving Identity on a first meeting is remarkably difficult on the net. But then it's pretty hard in real life as well.

Then we hear of a Yahoo! AuthBB-OpenID mashup that lets you create an OpenID identity based on a Yahoo! account and using Yahoo!'s authentication. On one level this looks great because it potentially allows a very large number of people to have an instant OpenID identity. But of course that is also a curse. short term fake identities on Yahoo! are common. What are we actually proving here? That the person trying to log into your OpenID enabled system has a validated Yahoo! Account? So what?

[ << Hello Kitty Hell ] [ Its time for De-centralization again >> ]
[ 30-Jan-07 8:23am ] [ ]