Hacker News new | ask | show | jobs
by scrollaway 4242 days ago
Persona is not necessarily tied to gmail. Persona offers a gmail gateway. As long as a user has a way of authenticating against the persona server using the provided email, they are fine. This could be their facebook account just as well.

Maybe you should talk to Dan Callahan, he'll be happy to answer your questions in more details I'm sure. I'm saying that because you sound like Persona could benefit you and Persona certainly could use more people like you criticizing it :)

So this comes back to tying accounts to emails: Well, this is the user's choice. They put their internet life into the hands of Google or Yahoo or whatever by choosing such an email provider that may go down at any time. It's completely reasonable and does not actually put YOU in a position where your sites locks users into a third party, you are just giving more choice.

As for activity: although it's not on git, there has been renewed interest in Persona lately. And until a better alternative comes by (which won't be for a long, long time) I'll defend persona tooth and nail because, it may not be perfect, but it is far better than what is currently taking over the entire web.
1 comments
negativeview 4242 days ago
I know that it's not necessarily tied to Gmail. My point was that now my site is dependent on their relationship to whatever they authenticated against. It might be gmail, it might be Facebook, it might be anything. If that thing either goes away, or revokes their access, they're gone from my site as well. That doesn't sit well with me.

> They put their internet life into the hands of Google or Yahoo or whatever by choosing such an email provider that may go down at any time. It's completely reasonable and does not actually put YOU in a position where your sites locks users into a third party, you are just giving more choice.

It's not reasonable. Not to me anyway. And isn't putting your internet life into the hands of any single place exactly antithetical to the entire idea of decentralization?

> it may not be perfect, but it is far better than what is currently taking over the entire web.

It's better than Facebook Connect or things like that, sure. But we aren't comparing it to that, we're comparing it to individual logins. Individual logins put the relationship into the hands of the users and me. That's where it should be.

KeePass and apps like that provide all of the major benefits to users without any of the downsides.

link
scrollaway 4242 days ago
You need to read up on Persona more, specifically on persona gateways. They are not what you think they are.

I meant what I said: talk to Dan. You'll find it interesting, I am sure.

link
negativeview 4242 days ago
I am not talking about the gateways. I am talking about the identity providers. If your identity provider goes out of business, revokes your access, or any number of other things, you lose your credentials to all sites.

For instance, here's a site with a guy trying to sell you on using IDPs from a big company rather than a small. One of his points though is that the IdP is a single point of failure, exactly my point:

https://www.tbray.org/ongoing/When/201x/2013/08/14/FC2-Singl...

Under the heading "Other Failures."

link