Comments on: New Feature For OpenID Users

By: Christer Edwards

Christer Edwards — Sun, 08 Jul 2007 17:07:48 +0000

testing (you can delete this if you like)

By: Aaron

Aaron — Mon, 02 Jul 2007 12:57:50 +0000

phoenyx- Thanks. Fixed.

By: Aaron

Aaron — Mon, 02 Jul 2007 12:56:42 +0000

Dmitry Schechtman- I’ve commented on your blog. I hope you take the time to read it. Basically, in a nutshell, I mention the following:

1) The spammer manually, rather than automated, published that comment. That means that he was physically sitting at his computer posting the comment.

2) Cases like the one you mention can be handled on a case-by-case basis. We can take advantage of whitelists for reliable OpenID providers making everyone else who is not whitelisted, pass spam tests, and blacklists for non-reliable providers.

3) It is safe to link to that page, as iwantmyopenid.org is not a spam site, but a legitimate site that the spammer has absolutely no control over. All you would be doing is giving “Google Juice”, or a higher page rank, to a trusted site. This doesn’t affect the comment spammer in any way.

By: Dmitry Shechtman

Dmitry Shechtman — Mon, 02 Jul 2007 08:30:02 +0000

http://blog.phpbb.cc/2007/05/17/congratulations-openid-spam-has-arrived/

By: phoenyx

phoenyx — Mon, 02 Jul 2007 05:20:14 +0000

“Also, I’ll be publishing my whitelist for other bloggers to sue…”

I hope you meant to type use

By: Jason

Jason — Sun, 01 Jul 2007 19:09:12 +0000

The funny thing is that I’ve already seen plenty of spam accounts from myopenid.com , I haven’t ever seen a jkg.in identifier until now.

(Though I’ve known about the site for months.)

By: Aaron

Aaron — Sun, 01 Jul 2007 17:42:26 +0000

Stephan- I know that there are still potential problems that the OpenID community needs to resolve, such as spammers setting up their own OpenID servers. However, luckily, as a community, we are looking at solutions to fix these security issues, and make OpenID a reliable system to trust.

By: Free, Anonymous OpenID by http://www.jkg.in/

Free, Anonymous OpenID by http://www.jkg.in/ — Sun, 01 Jul 2007 17:26:58 +0000

on http://www.jkg.in/openid/
you can even get one time openids
without login — without anything, just a question of time before the bots know, you could check with http://botbouncer.com/ — which at some point will also be valuable enough to clear for bots, selling cleared openid identities might soon be a market, better than selling accounts on random blogs/websites as it is the case now.

By: Stéphan K.

Stéphan K. — Sun, 01 Jul 2007 17:17:20 +0000

It’s even less effective than you think. The burden of creating identities and trusting a site is on the side of the server the spammer is using. He can easily run one himself, create millions of identities and skip the ‘trust this site’ step completely, then even automate the spamming.

You can rely on not many spammers supporting openid for now. But in the long run, the problem is similar to what we have with e-mail now.