Yo is useless and IMO anyone that has or will put money into it no longer has any credibility as an angel/VC. Yoauth actually is comparatively useful, but unfortunately Yo does not and never will have the critical mass to make anyone want to implement it as an authentication scheme. Twitter is a distant second to Facebook in the authentication space, and Yo is no Twitter.
To be fair, we don't know what goes on behind the scenes. Yo has simply proven that its creators are audacious enough, and good enough at marketing, to make something go viral. Perhaps they have other ideas, other business plans that are currently in stealth, and they're getting funding for them under the Yo umbrella. These are smart people investing in them, and Occam's Razor would seem to indicate that it's highly unlikely that the investors all got collective amnesia from head injuries and changed their vetting/due diligence strategies overnight.
The recurring excuse for the investment is "look at the engagement". Toilets have incredible engagement as well - billions of people use them multiple times per day - but we don't put millions of investment dollars into them. Well, maybe the people investing in Yo do, but most people don't.
Yes, and if you showed me impressive engagement and virality metrics for a toilet that had network effects and a plausible recurring revenue stream (ads), then I would definitely invest (of course no such toilet product exists - toilets don't have strong network effects and don't have a plausible recurring revenue stream in the form of ads).
Don't get me wrong, the app is fairly ridiculous. Projects like this though help show what even the simplest of concepts can provide, though.
To be fair, I'm not sure how secure YoAuth would be, but this particular hack seems like an awesome use of it. It's simple to use and could compete alongside something like Google Authenticator as a simple way to log in to something.
I'm really glad this saw the light of day. So many people were criticizing Yo for being 'useless' and all that, instead of trying to think about what to create with it.
Seriously, don't use this. (Alice tries to log in to Bob's account. Bob receives a yo. Bob yos back to be nice without knowing this is an oauth scheme. Alice now has access to Bob's account.)
But that's not to critique these guys, because I think this is a fantastic hackathon project!
Why does the user need to receive a Yo? Wouldn't it be better to ask users for their handle, and then tell them to Yo a specific account in 30 seconds? If it worked like that, yoauth couldn't be used for spam, nor could you Yo someone you know in order to get their credentials if they replied.
A friend and I built a similar service (also at the Yo hackathon) and what you mention is similar to the way we handled it. I don't think it's been publicly announced, but Yo can now receive links on iOS.
The service we built (http://yosesame.com) works by having you Yo YOSESAME, which signs you up if you aren't already and responds with a URL that logs you in right way. The way Yoauth approached it is interesting, but you're right it's a bit strange to have to receive a Yo.
The author of YoAuth (Bilawal) is one of the awesome student hackers helping to bring the hackathon movement to the UK. http://mlh.io/about/team#uk-team
Plain http links? I suggest using TLS/SSL for any authentication platform. I know it's a quick hack, but you can quickly setup a secure proxy with Cloudflare.
https://yoauth.herokuapp.com/authorize?redirect_to=http%3A%2...
And they want me to trust them with authentication?