Feb. 22nd, 2016

starseerdrgn: Koboldrone (Default)

So, I came across IndieWebCamp not too long ago, and really liked what their message was: take back your online identity. Then, I found their Web Sign-In authorization system, and everything kind of fell apart for me.

When your sign-in system requires the use of the very sites you're encouraging people to leave, you have a problem with hypocrisy. When you put down a log-in system that the user can provide from their own server (OpenID) as "too hard", you have a problem with laziness. Authentication isn't supposed to be easy. Otherwise, you run into what Twitter users see every time they run into one of the meme services: an OAuth application that hijacks their identity by continuing to use the permissions given to them without alerting the user.

Of course, open services have major issues with taking off as well. Mozilla Persona is being shut down, and OpenID is now using OAuth 2 (which I stills don't trust thanks to all of the hell I've been through). I don't see why people can't promote decentralized authentication, especially when centralized authentication is one giant target for hackers.

Yes, I'm going there.

If you throw everything behind Google Single Sign-On, Firefox Accounts (Persona Replacement), Facebook Connect, etc..., you have your identity for everything in a single place. This is a black-hat hacker's best case scenario, allowing them to effectively control everything connected to that user's account with little effort. It becomes trivial once they get in.

I myself was a victim of such an attack, with the hacker bypassing my second factor of authentication on Google (I had two factor auth enabled with my phone). I lost access to my email, IM service, Twitter account, Facebook account, Steam account...Effectively everything in my online life. It wasn't fun, and I learned my lesson from that incident.

I honestly wish OpenID would take off again. I want to see someone beat Twitter, Facebook, and Google at authentication, especially with two-factor. I think a decentralized Persona-based solution might be the best bet (seriously, it's dead simple to use), but in a world where developers rely on a cloud service to set and store avatars (Gravatar), everyone is just too lazy or don't care about such problems, and it's depressing.

This is the open web. Why can't we help make it more open?

starseerdrgn: Koboldrone (Default)

I had not even thought to mention this last night, as turning off comments was the very last thing I had done before bed.

Now, I understand people enjoy leaving comments, and I'm actually happy when I see people leaving polite comments...in those very rare instances. The problem is, this is the internet. It's an open platform (and should stay that way), allowing people to express themselves freely. However, that freedom is abused quite heavily in this day and age.

I've seen so many online lynch mobs at this point that it scares me, and on more than a couple of occasions, I've been subjected to them thanks to sites like Reddit and HackerNews. People took what I said, twisted the words in their mind, and launched attacks so quickly that I couldn't reply in time.

It's not a good feeling to be attacked like that. In fact, many people have had their lives outright ruined by the actions of these lynch mobs, especially on Twitter, Facebook, Tumblr, Reddit, and HackerNews (though the latter is a little better behaved than the others).

Spam is also something I don't want to deal with. Social Networks and blog comment systems have far too much spam now, especially with how open everything is. I've seen an entire social network, the English version of Hatena Haiku, so riddled with phishing and advertising links that no one could hold a conversation. It's a mess, and something all of us need to start paying attention to, by denying them the ability to post.

My blog is mine, and while I can't control what happens outside of it, I can control what happens within it. I don't like leaving myself open to the hateful masses, so I subscribe to the idea that, if someone wants to leave a comment, they can email me, and I can deal with it in private. Twitter is fine as well in some cases, but as rarely as I use it, it may take some time to get back to people.

This eliminates two very big annoyances for me: spam, and lynch mobs (on my own site). My time is limited each day. I want to work, not deal with annoyances. I'll gladly deal with polite emails containing comments, though. Those are something to cherish.

September 2017

345 6789
17 181920212223

Most Popular Tags

Style Credit

Expand Cut Tags

No cut tags
Page generated Sep. 22nd, 2017 03:13 pm
Powered by Dreamwidth Studios