December 2007 Archives

I ran across a link to http://id7r.com this morning, and while it’s a technically interesting application, I can’t help but see it, at best, as a complete dilution of what OpenID is supposed to mean, and at worst, an intentional abuse of OpenID and a perfect tool for spammers.

A Quick Refresher

OpenID is a way for a user to assert to a site that the user controls/owns a URI (a good look at the benefits here), and the authentication process tries to make sure that there’s a person on the other end of that URI.

A key feature of OpenID is that it provides a globally unique identifier for every user, no matter what site or service they are using on the Web. Simon Willison

Meanwhile…

The id7r.com home page says:

Id7r turns every email address into an OpenID identifier.

• type in your email address (prepended with id7r.com/) and click “verify”
• check your mailbox for a new message with subject like “Auth Request #### from id7r.com”
• follow instructions therein to complete the process.

Now, isn’t email the thing that spammers have come very close to completely ruining due to creating millions (billions?) of randomly-generated email accounts? The “instructions therein” consist of:

Do not reply to this message! It’s sent from an unattended mailbox.

Hi, <me>,

Someone (possibly you) has requested authorization at id7r.com for an OpenID login.

If you accept, please click this URL http://id7r.com/?action=confirm&token=<atoken>&auth=yes to complete the process.

Otherwise, click this URL http://id7r.com/?action=confirm&token=<atoken>&auth=no to reject it.

If your email client does not make above URLs clickable or a different browser pops up, please cut and paste either URL to the same browser you used earlier.

Sincerely,

The Id7r Team http://id7r.com

It seems to me that grabbing a link from the email and then submitting a form is not particularly hard for the scum out there.

Am I Crazy?

So, I know that OpenID does not claim to be an end to SPAM in and of itself (thanks to singpolyma for the reminder), but this just seems completely wrong to me. There was a recent spat over the anonymous OpenID server, and the community consensus seems to be that we’re going to have to resort to server blacklists eventually (though the author of the annoymous server makes a decent case that blacklists are not going to do it either).

So am I crazy for seeing this as a huge problem? Unlike the anonymous server, id7r.com looks like something that normal users would find useful, thereby making it harder on them if we simply blacklist it.

Got thoughts? Hit the comments and let me know.

To Jeremy in IM:

You know you’re addicted when your first thought when Twitter is down, is to Twitter about how much more productive you are when Twitter is down.

Welcome to redmonk.net — all DiSo, all the time.

I do have a life outside of my latest obsession - :-) - still, there’s good news afoot, so here goes.

Will Norris, author of the Wordpress OpenID plugin, announced yesterday that wp-openid is coming under the DiSo Project. Woo! As happy as I am to have Will’s awesome contribution, it makes a lot of sense too -

…they are using wp-openid as a foundation to develop additional plugins that build on OpenID to bring other social functionality to WordPress powered blogs. I am therefore pleased to announce that wp-openid is moving under the umbrella of DiSo in an effort to allow better integration with the other social plugins that are being developed…

Will is looking into the process of importing the wp-openid source into the DiSo repo, and then setting up a sync to wp-plugins to provide packaging and to hook into the plugin update system that was introduced in Wordpress 2.3.

Meanwhile, we’ve got a wiki set up; Chris has been busy creating ma.gnolia and flickr groups, and the Google group/mailing list is growing as well.

To complete the social absurdity, you can now follow diso on Twitter. :-)

A nerd needs a project because a nerd builds stuff. All the time. Those lulls in the conversation over dinner? That’s the nerd working on his project in his head.

— Rands in Repose, The Nerd Handbook

Microformats, OpenID, Portable Social Networks

So, for the last month or so, these things have been my Project. Actually, I haven’t spent as much time on them as I’d like, since I’m a Dad (geek dad FTW) and an employee first, but I am a nerd and these have been my Project. The evidence:

• If You Love Your Users, Set Them Free — Portable Social Networks
• Making a list: Whitelisting with OpenId and XFN
• Blogrolls, XFN, and OpenID URIs
• More XFN+OpenID
• XFN Blogroll

You can see that it’s been occupying the back (and front!) of my mind for some time now. My unfortunate sounding board for a lot of this has been the unflappable Chris Messina, who himself is an enthusiastic evangelist for microformats and has put up with a lot of questions, as well as putting up with me nearly hijacking and adopting his plugin project.

I’ve rewritten large chunks of the XFN blogroll plugin, with Chris’ help and encouragement, and added substantial functionality (mostly in enabling the plugin to find users who have registered via openid and modify the blogroll links based on that information). Now, we’ve decided to move this project and several others we have in mind to their own project on Google Code.

DiSo: Distributed Social Networking apps

DiSo (dee • zoh) is a new umbrella project for various open source social networking components that we’re working on. In the beginning, we’re largely targetting Wordpress, building on the work Will Norris’ has done with his excellent WP-OpenID plugin.

From the project description page for DiSo:

This model can be described as having three sides… Information, Identity, and Interaction.

The first plugin is the Microformatted Blogroll (wp-xfn), which is about ready for a 0.5 release, and has been getting a workout on my blogroll for a while now.

I’ve also started preliminary work on an OpenID server (wp-openid-server) that will authenticate against the Wordpress user database. The server will, hopefully, be a port/wrap of phpMyID, a very easy to use single-file server writtten by CJ Niemera.

What’s Next

For me, continuing to develop wp-xfn, and start designing wp-openid-server. For you? Try reading http://code.google.com/p/diso/wiki/WordpressBrainstorming and http://factoryjoe.pbwiki.com/DistributedSocialNetwork and see if there’s something you’d like to work on. Download the source an browse around. Then contact me or Chris and let’s talk!