Thursday, September 27, 2012

Safeguard your online Persona with Mozilla ID system - CNET

If you've ever struggled with remembering your Facebook password, or felt uncomfortable using your Google ID to log in to a non-Google Web site, Mozilla has a solution for you -- one it calls Persona.

This first beta of Persona, which used to be called Mozilla's BrowserID project, is designed to compete with Web site login systems like the ones offered by Twitter, Facebook, and Google. Whether this open source alternative can hold its own against those other login heavy-hitters, though, is another story.

Persona essentially aims to give you a cross-platform, cross-browser way to log into a variety of Web sites with a single username and password -- but without compromising your privacy. In its description of Persona, Mozilla describes the service as one that imposes a Chinese wall between the act of logging you in and whatever you do once you've logged in. "The history of what sites you visit is stored only on your own computer," Mozilla writes.

This is a notable difference from social-networking services such as LinkedIn, Twitter, Facebook, and Google Plus, which track your navigation after you've logged in. Even when not logged in, social-networking site widgets can report back who has visited a site where the widget is embedded.

Persona currently works on most major browsers on Windows, Mac, Linux, iOS, and Android. The public release of the beta comes with a streamlined login, for which I was to create an account in less than 10 seconds, and a series of improvements to ease developer adoption. These include support for company-specific logos and site names, links to site-specific privacy policies, and a new set of APIs that the company says will be easier for developers to use.

Mozilla has been pushing a quote from England's The Times newspaper, David Somers, a member of the NYT Web team that implemented Persona for its popular crossword puzzle. He said, "[Persona] was definitely easier than OpenID or OAuth because it can almost all be done on the client side in JavaScript." Ease of implementation will be extremely important for Persona, because no matter how protective of end-user privacy it may be, few developers will take to it if it's difficult to adopt. OpenID and OAuth are back-end protocols for Web site user authentication.

It's not surprising that Persona isn't supported on a huge number of sites yet. After all, it's extremely new.

But much like Google's login, Persona's importance could extend well beyond Web-site logins. That's because Mozilla plans to make it the default login system for its forthcoming FirefoxOS phones, which are due to launch early next year. And although Mozilla hasn't explicitly called out Google or Facebook for data collection, it is promoting Persona as a privacy-friendly alternative.

That appeals to Sarah Downey, a privacy attorney and advocate with privacy software start-up Abine, who in an e-mail to CNET wrote:

Previously, consumers had to give in to a large privacy tradeoff if they wanted the convenience of a single login: your personal information in exchange for a quick and easy login experience...If a lot of websites start offering Persona, it'll give consumers a much-needed service: log in just once without compromising your personal information.

Downey also noted that Persona supports pseudonymous account names and allows sites to highlight their privacy policies. "By using e-mails as authenticators, not real names, they let users be different people in different contexts. The ability to choose who we are on which sites and around which groups is integral to free expression and association, particularly online," she said.

The name "Persona," however, could be somewhat confusing for some, since Mozilla still calls its browser themes -- which can be changed without restarting the browser and started shipping in 2010's Firefox 3.6 -- "Personas."

The success of Persona depends heavily on two unknowns: Web site adoption, which requires developers to add yet another login system to their site, and the subsequent adoption by individual netizens. Mozilla's dedication to openness and privacy certainly set Persona on a competitive track. But some big unknowns remain -- namely, what it will take for Mozilla to make it a success, and then whether the organization can pony up the necessary promotion and development.

No comments:

Post a Comment