Comments on: New Feature For OpenID Users https://pthree.org/2007/07/01/new-feature-for-openid-users/ Linux. GNU. Freedom. Sun, 13 May 2018 18:21:35 +0000 hourly 1 https://wordpress.org/?v=5.0-alpha-43006 By: Christer Edwards https://pthree.org/2007/07/01/new-feature-for-openid-users/#comment-60575 Sun, 08 Jul 2007 17:07:48 +0000 http://www.pthree.org/2007/07/01/new-feature-for-openid-users/#comment-60575 testing (you can delete this if you like)

]]>
By: Aaron https://pthree.org/2007/07/01/new-feature-for-openid-users/#comment-59747 Mon, 02 Jul 2007 12:57:50 +0000 http://www.pthree.org/2007/07/01/new-feature-for-openid-users/#comment-59747 phoenyx- Thanks. Fixed.

]]>
By: Aaron https://pthree.org/2007/07/01/new-feature-for-openid-users/#comment-59746 Mon, 02 Jul 2007 12:56:42 +0000 http://www.pthree.org/2007/07/01/new-feature-for-openid-users/#comment-59746 Dmitry Schechtman- I've commented on your blog. I hope you take the time to read it. Basically, in a nutshell, I mention the following:

1) The spammer manually, rather than automated, published that comment. That means that he was physically sitting at his computer posting the comment.

2) Cases like the one you mention can be handled on a case-by-case basis. We can take advantage of whitelists for reliable OpenID providers making everyone else who is not whitelisted, pass spam tests, and blacklists for non-reliable providers.

3) It is safe to link to that page, as iwantmyopenid.org is not a spam site, but a legitimate site that the spammer has absolutely no control over. All you would be doing is giving "Google Juice", or a higher page rank, to a trusted site. This doesn't affect the comment spammer in any way.

]]>
By: Dmitry Shechtman https://pthree.org/2007/07/01/new-feature-for-openid-users/#comment-59725 Mon, 02 Jul 2007 08:30:02 +0000 http://www.pthree.org/2007/07/01/new-feature-for-openid-users/#comment-59725 http://blog.phpbb.cc/2007/05/17/congratulations-openid-spam-has-arrived/

]]>
By: phoenyx https://pthree.org/2007/07/01/new-feature-for-openid-users/#comment-59709 Mon, 02 Jul 2007 05:20:14 +0000 http://www.pthree.org/2007/07/01/new-feature-for-openid-users/#comment-59709 "Also, I’ll be publishing my whitelist for other bloggers to sue..."

I hope you meant to type use 🙂

]]>
By: Jason https://pthree.org/2007/07/01/new-feature-for-openid-users/#comment-59648 Sun, 01 Jul 2007 19:09:12 +0000 http://www.pthree.org/2007/07/01/new-feature-for-openid-users/#comment-59648 The funny thing is that I've already seen plenty of spam accounts from myopenid.com , I haven't ever seen a jkg.in identifier until now.

(Though I've known about the site for months.)

]]>
By: Aaron https://pthree.org/2007/07/01/new-feature-for-openid-users/#comment-59641 Sun, 01 Jul 2007 17:42:26 +0000 http://www.pthree.org/2007/07/01/new-feature-for-openid-users/#comment-59641 Stephan- I know that there are still potential problems that the OpenID community needs to resolve, such as spammers setting up their own OpenID servers. However, luckily, as a community, we are looking at solutions to fix these security issues, and make OpenID a reliable system to trust.

]]>
By: Free, Anonymous OpenID by http://www.jkg.in/ https://pthree.org/2007/07/01/new-feature-for-openid-users/#comment-59632 Sun, 01 Jul 2007 17:26:58 +0000 http://www.pthree.org/2007/07/01/new-feature-for-openid-users/#comment-59632 on http://www.jkg.in/openid/
you can even get one time openids
without login -- without anything, just a question of time before the bots know, you could check with http://botbouncer.com/ -- which at some point will also be valuable enough to clear for bots, selling cleared openid identities might soon be a market, better than selling accounts on random blogs/websites as it is the case now.

]]>
By: Stéphan K. https://pthree.org/2007/07/01/new-feature-for-openid-users/#comment-59631 Sun, 01 Jul 2007 17:17:20 +0000 http://www.pthree.org/2007/07/01/new-feature-for-openid-users/#comment-59631 It's even less effective than you think. The burden of creating identities and trusting a site is on the side of the server the spammer is using. He can easily run one himself, create millions of identities and skip the 'trust this site' step completely, then even automate the spamming.

You can rely on not many spammers supporting openid for now. But in the long run, the problem is similar to what we have with e-mail now.

]]>