Allowing all sites access

[Brad Fitzpatrick]

Hey, by default we're protecting you.  This would never be used or adopted
if we were spewing out your identity to any site that asked, all behind
the scenes without your knowledge.

But if you don't care, just use an identity server that lets you turn it
off.  But you're in the minority.

- Brad


On Wed, 18 May 2005, Andrew Ducker wrote:

> Martin Atkins wrote:
> > The only case where it's really harmful is where a random site wants to
> > know "is Andrew viewing me?".
>
> Aaaah - gotcha.  Of course, to do that they'd have to hit LJ every time
> someone connected to them and say "Is this person AndrewDucker?"  "How
> about this one?" "This one???", which would be possible if we don't have
>   logs of what requested that ID.
>
> But then, if I was worried about that, I could turn the functionality
> back off again.
>
> Personally, I'm the kind of person that uses my real name as my identity
> everywhere.  I can understand some people _don't_ do that, but I'm happy
> to do that, and I'd rather not have to go through an authorisation
> process when I don't have to.
>
> Andy D
> _______________________________________________
> yadis mailing list
> yadis at lists.danga.com
> http://lists.danga.com/mailman/listinfo/yadis
>
>