Herodes
|
|
March 01, 2013, 01:24:10 PM |
|
I read through the first page of this thread, but didn't read the rest, so perhaps this information will be redundant, anyway, here goes:
Firstly I'd like to thank Mike Hearn for all the stuff that he does for bitcoin at large.
Secondly I'd like to put forth my opinions about OpenID.
What if your Google e-mail is compromized, it seems then it would also be possible to get access to the sites that you're connected to through OpenID.
The privacy issues is also interesting. If a certain individual is the member of 5 sites, and all these sites run their own user account systems, then any law enforcement agency or any 3-letter agency would need to contact 5 entities to get required data. However, with one central repository, one rogue sysadmin or a request to Google from law enforcement would be enough to get the required data.
Now, most users are honest individuals doing nothing nefarious, and you don't even need to do anything nefarious to value your privacy online. But as a website operator, you're now relying on a 3-rd party for all your user accounts, and what if it's decided that pulling the plug on your website is the right thing to do, caused from legal of political pressure ? There's nothing you can do, but to see your entire userbase vanish by the snap of some fingers.
And what if some google employee fucks up, and user data is leaked ? I assume there is tight security, but tight security has been broken before. Also, google will be able to record when you log in to a certain site, and a host of other parameteres, they can and will use for various purposes that you may or may not agree with.
For example, if you are a member of some soccer sites that use OpenID, google will possibly serve you commercials for computer soccer games and so on. Google may also use your habbits as a toll to suggest stuff for you on Google+.
Make no mistake about it, although Google does a lot of good things, like drone program to help wildlife preservation, and offering a hostload of free services online, they also need and want to turn a profit, and in addition they're US based, meaning it's very easy for law enforcement and 3-letter agencies to tap into their data, and mind you - this is happening. We don't hear about it, but we should not be naive and think it's not happening.
So who knows, some years down the line, you need to pay a mandatory license for using bitcoins, and lists of users will be extract from Google, and you will have your bills in your mailbox.. Ok, that may be stretching it, but judging from all the silly things that US policy makers and law enforcement agencies actually do, I would not be surprised if this will happen. What about mining pools, I'm sure the IRS would be happy to look up personal information about big time miners to see if they're paying their taxes.
This being said, it's unquestionable that Google provides a more secure and more professional service than most devs would be able to put up alone, but it's worth knowing about the privacy implications, which can be severe.
I already see that Google is exploting my online habits to do targeted marketing in regards to my interests, and I don't like it much, but I understand why the development is going this way, and I see how it can make revenue, it's not like I would click on ads sporting womens makeup articles, give me some geeky ads, and the chance is bigger that I click on an add, and then add this up for thousands and millions of users, and we have the answer to why targeted marketing works great for google.
I'd say if you run a somewhat serious website, have your own user account system, and protect it well, two factor identification may also be an interesting thing to implement.
|