OpenID Skepticism in Germany
5. February 2008 – 22:43 byAlthough OpenID is discussed regularly, not only by some geeks but also on big tech blogs like Read/Write Web and TechCrunch, it hasn’t gained much popularity among German bloggers and users yet. So far it has mostly been mentioned on smaller blogs; sometimes covered more in depth, sometimes just very superficial. A welcome exception was last year’s series on Oliver Wagner’s agenturblog. However there hasn’t been any regular coverage of the topic yet. Recently some bigger blogs started reporting about it, thanks to Google’s and Yahoo!’s decision to adopt it.
I am not really sure why there is no regular coverage here. Well, maybe there is and I just don’t know about it. But somehow I doubt it because I also don’t see many posts about related topics like OAuth, APML and microformats. Actually I know just two blogs which cover those topics on a fairly regular basis.
Anyway, back to OpenID and its perception in Germany. Reading blog posts and comments about OpenID, it becomes obvious that there are many concerns about it. People raise security and privacy questions:
- The provider knows all sites users visit.
- That data could be sold.
- If the provider is hacked, scammers have access to all sites and information about users.
- OpenID delegation is not save because web servers could be hacked as well.
Those are the most common objections.
The other day Martin Atkins proposed a “business model” for OpenID providers: targeted advertisement based on the sites users visit. Well, that’s grist to the mill of OpenID skeptics, of course. Though Martin points out privacy concerns as well and he doesn’t really recommend that model. He writes:
Of course, I’m not saying that this is a good way to fund your OP, just a way to fund one. You’ll probably face an uphill struggle against privacy advocates if you’re too blatent about it. It’s worth remembering that this is possible, though; if what I’ve described here concerns, you, you’ll want to pick your OpenID Provider carefully.
Though he rightly raises the question of business models for providers. I think if providers want to be competitve and win more users over they have to provide
- a great deal of security measures to prevent data loss and hacking,
- strict privacy policies and
- a sketch of their business practices towards users.
Are there also concerns about OpenID in other countries?
4 Responses to “OpenID Skepticism in Germany”
Great tips for the providers!
As for the lack of coverage - I think as is there just is not that much about openID to report or think about for everyone but those who for whatever reason (developers who want to implement it for their site, serivces who want to grab some market share and maybe want to leverage an existing user base, bloggers who want to establish themselves as authority on the subject, etc.) have a strong personal interest in it.
From a users pov it might be good and important to know what openID is - most intros will do, but once you know what else would you want to know about it? If you want to make an informed decision whether you should start using it or not you probably want to consult a few opinions on the pros and cons and how to choose a decent provider (imho for most users for anything but trivial use cases like commenting there currently are more risks than benefits, not for the reasons you mentioned btw but that’s another story, my take: don’t use it if you don’t know what you are doing), but again: once you know those there is not that much more you can learn about it to make an even better decision.
By Markus on Feb 6, 2008
I kind of agree with you. As a user you probably just want to know the basics. However OpenID is an emerging standard many people are not as familar with as with email for example. So I think they need more information at this stage.
While I was writing that there are some in depths articles and some superficial ones, the superficial and inaccurate ones are dominant. Sadly. Some bloggers don’t even try to research a little bit. But that’s not only concerning OpenID but blogging in general in Germany, I think. Maybe I should write a blog post on the German (speaking) blogosphere.
By Carsten Pötter on Feb 6, 2008
This a useful post, but to the detractors who are worried about privacy issues around OpenID, I hope that those folks also don’t use email. Email is actually much worse for privacy in many cases, especially since the services that you use all typically require an email address in order to create an account. In such circumstances, your email provider knows as much about your service usage as an OpenID provider would, and we already know that GMX, Gmail, Yahoo and Hotmail make money by selling you services inside your inbox… how is this made worse by OpenID?
Additionally, the choice of an OpenID provider should eventually become similar to the choice of a credit card provider. It may not be a forced decision, but it certainly is more convenient than carrying around a wad of cash, and can actually be safer in some cases, especially if you get locked out of an account for example, since your OpenID provider could become your advocate and could take steps to restore your access.
Clearly there are open questions and things that still need to be addressed with regards to OpenID. But I don’t think that writing it off as a privacy sink hole is necessarily accurate. Guess we’ll just have to wait for the market to prove me right.
By Chris Messina on Feb 7, 2008
I don’t need to be convinced, Chris.
Although OpenID is around a little more than two years now, it’s still in the beginning, I think, and there are certainly some rough edges. But as you have mentioned this will be a chance for providers to stand out and provide some strong security features and additional services to convince users to sign up with them.
And once again, it’s just like email. Email providers offer different features and users have a choice.
By Carsten Pötter on Feb 7, 2008