by Groxx 4821 days ago
I've been thinking about this, and I have come to the conclusion that it's less of an issue than I thought it was. For a simple reason: the "email address" you provide is just an identifier. A string formatted as "user@domain", nothing more.

By convention it's a usable email address, but there is literally nothing preventing someone from starting up an email-less Persona identity provider. You'd still log in with your_username@noemailpersona.com, but that's just a formality that doesn't need to be hooked up to an actual mail server at any point.

Never using that account to actually communicate would put it on par with any other auth system you can come up with. Disposable when you want to dispose of it, and no need to ever dispose of it unless you want to. The whole issue with some people changing their email addresses for spam-fighting / inbox-cleaning purposes is a non-issue with this kind of an account.

1 comments

This is correct, but the whole thing is marketed as an email address, so it will be used as an email address, i.e. a means of contacting me.

Now, consider I want to try some service I don't trust. I sign in with an email-looking identifier (which doesn't work as an email address) and use the site for some time. Eventually, I become fond of this service and want it to start contacting me. With 123done.org I can't do this, nor at mineshafter.info, nor at crossword.thetimes.co.uk. Trovebox looks broken to me, so I can't tell if it works, and I was lucky with voo.st, as it allowed me to add more accounts. I don't know of more sites using Persona. Considering that today, when you register with only a Facebook or Google account, relatively many sites don't let you change that binding in the future, it's very likely the situation with Persona will be the same.

Hopefully, the existence / use of non-emailable browserid providers would encourage sites to accept alternate / custom 'primary' email addresses. It's definitely a chicken-and-egg problem though, and far from guaranteed that it would be resolved happily. And I'm in complete agreement on the marketing, and it's a problem for this setup - the system is young though, maybe this can be changed.

Though honestly I suspect browserid would encourage this anyway, since people are likely to use their primary email address, and they are likely to change to a different address in the future. If sites want to keep people through such a change, they'll want to allow changing it (since I doubt I'm alone in resenting sites that require me to maintain an address I don't use; resentment isn't good for retention).

Found out that the Persona team does encourage this: https://developer.mozilla.org/en-US/docs/Persona/The_impleme...

Personally, I wouldn't call email addresses identities, and just say they're credentials. But Mozilla clearly has another idea on what the identity is.