Monday, April 19, 2010

XAuth is Evil


Google and Meebo got it so wrong! Meebo with support by Google published a javascript xauth.js that tells a website which social networks the user is a member of. Information is stored on xauth.org and in local storage what my social networks are.

This is so wrong that it hurts. Sites should publish which social networks they support and the user should then choose which ONE they would like to use at THIS site at THIS time.
The xauth scheme just transports too much data to a central site too often.

Google should use its money and power to put this ability into the browser!
Start with Chrome and Mozilla (https://mozillalabs.com/conceptseries/identity/social-agent/). Yes, Google already supports Mozilla in this project but xauth is evil.

XAuth is not even acceptable as an intermediate "solution" before Identity in the browser is ready. Wrong, wrong, wrong.

I admit that website operators prefer it this way round and the collected data at the central server is definitely interesting and valuable. I think Google with good reason does not store that data on a Google server or do they? Who has access to that data? XAuth is not as bad as Microsoft Passport but not much better.
I fear that the user and privacy advocates are not strong enough to create "Identity in the browser"...

Don't do evil.

1 comment:

Anonymous said...
This comment has been removed by a blog administrator.