12 comments posted · 183 followers · following 2
From a blogger's perspective, intense debate provides great tracking and stats, but I see more potential for intense debate from a commenter's point of view. The biggest gap for me as I comment on people's blogs is being able to track responses. This is where the lack of any kind of real debate comes into play. Because I have to remember a) remember where I commented and b) remember to keep going to check if anyone responded. This is already starting to be solved by intense debate since I have a profile view of everywhere I have commented. However, it would be truly valuable if I could now subscribe to "my comment and replies" feed to keep me in the loop. Subscribing to every comment thread is available, but that gets unruly and hard to manage very quickly. A federated/aggregated feed would be money!
1) tracking/user profiling & phishing - these are issues/concerns/problems or whatever you want to call it with any site now. They are Internet problems, not OpenID problems. Like the article says, if you don't like tracking, don't use Google either. As for phishing, you still have to use common sense and make sure that the server you are logging into is actually the server you created your OpenID with. This is especially hard to spoof since all OpenID servers do not look the same. Just checking the URI should be enough of a clue. This is a common sense issue, and is not specific to OpenID. If I knew your email address and password from ebay, I could probably go to 100 different sites and log on the same. Sure, putting all your eggs in one basket makes it more risky when you have been victimized, but if that's the argument then we might as well just wait until everything is authenticated with biometric scanners. :)
2) Usability/Reliability - this is not OpenID specific either. This is an implementation issue of specific OpenID servers or sites using OpenID. This again does not validate any true concern of the OpenID technology itself.
3) Identity Theft - this is the most ridiculous argument from the whole post. If I have a URI that is already mine, like http://jonnyworkboots.myopenid.com, then nobody can use this URI without knowing my password. Of course there is no way I can make someone not sign up as http://jonnyworkboots.anotheropenidserver.com, but is that identity theft? I could go to intense debate right now and sign up as firstname.lastname@example.org, but did I "steal" his identity? My unique name is my URL. If anything, this makes identity theft less likely. There is nothing stopping me from going to 100 sites right now and signing up as lifehacker. But if they had the URI http://lifehacker.myopenid.com as their unique identifier, then there is no way for me to use that in any other OpenID enabled site without first authenticating. Again, it's just a ridiculous argument.
I understand the concerns, but to me OpenID, while maybe not solving all Internet identity problems, doesn't really introduce many new ones.
1) if you just put in any word without a dot, like "foo", you just get a popup that says "Error". It looks like an uncaught exception because of parsing the url field by the dot.
2) if you leave off the "http://" of the url off, like "foo.bar", it is appended to the url of the blog post. For example if my blog post is found at http://myblog/thisisapost and I put foo.bar into the blog url field, my blog URL shows up as http://myblog/thisisapost/foo.bar
I guess the end result is that there needs to be better validation/error notification around the blog url field for comments left by non-logged in commenters.
I suppose you could also just allow people to sign up for Intense Debate using their existing Open ID as well. Then you get the best of both worlds.