Vanilla 1.1.9 is a product of Lussumo. More Information: Documentation, Community Support.
Today I tried to unsuccessfully log in on MathOverflow (user number 402). The new system apparently has a very special treatment for the particular type of OpenID that I'm using (Google) and demands that I disclose my private email address to it. (Many other types of OpenID do not have an email address associated to them, so such an invasion of privacy is simply impossible.)
My Google email address is private and is not meant to be disclosed to others, especially not to StackExchange. Furthermore, my user account on MathOverflow already has an email address associated to it, and I don't understand why StackExchange would demand another one from me, especially in such a rude manner.
How do I resolve this problem and log in to MathOverflow without StackExchange invading my privacy?
Terrific. Now I have to create (and use) a new OpenID simply in order to continue using MathOverflow. Good job, StackExchange.
@Scott Morrison: I have no desire to post anything on other Metas (e.g., meta.stackoverflow.com) given how they treat their users (see, for example, the conflict between Jeff Atwood and meta.math.SE, which you are probably familiar with).
Dmitri, the Jeff Atwood v. MSE users issues were resolved long before Jeff left his position on SE Inc., which itself is an old event by now.
@Asaf Karagila: Please do not tell me that the issues were “resolved” when in fact one of the moderators had to resign because of Jeff Atwood's abuses. In any case, this seems to be off-topic in this thread, so I would rather not continue this particular discussion here.
If you want to hold grudges, that's fine. If you want to move on from an incident (which no one says is anything less than severe), then you may want to notice that it's been two and a half years now, and that Jeff has been off the SE management for over a year as well.
But you are right, this is getting off topic. I'll stop participating in this thread now.
Have a nice day.
Meanwhile, I found an answer to my question: http://blog.stackoverflow.com/2010/04/openid-one-year-later/
“There is one, and only one downside: we must demand email from Google OpenIDs. Email is not usually required to use our sites, but you can’t log in via Google if you refuse to provide email to us. You can always switch OpenID providers, of course, but we regretfully must make the email demand mandatory in the case of Google.”
And of course, somebody voiced the same privacy concern there, but it was ignored by StackExchange (hardly surprising, given the identity of the author of that post).
@Scott: The “defect” is a tool to protect your privacy: if you use your Google id on different domains, each of them will get an individual unique id, so there is no way for somebody to link them together and track your activity across multiple sites. In comments somebody named Doekman points out that their goal (identifying accounts on different StackExchange sites) could be achieved without invading users' privacy and demanding them to disclose their private emails. (For example, provide your email only when you want to identify your accounts etc.)
What is amusing here is that any OpenID provider can employ such a scheme, but StackExchanges only singles out Google.
@KConrad: I find the insinuation that there is something not explicit a bit surprising. An official blog-post from more than three years ago, mentioned here by Dimitri Pavlov (and in the other meta thread recalled by me), says:
That’s a major bummer for site networks like us with multiple domains. We use the OpenID string as your user “fingerprint”, so if your “fingerprint” changes, we can’t tell who you are any more. It’s a frustrating problem, but we think we’ve finally come up with a fix: we demand email from Google GMail OpenIDs! [Emphasis as in original.]
The following is a guess, perhaps not even an educated one, but it seems a reasonable scenario to me:
As suggested in the blog post, your OpenID string for stackexchange.com is considered as your 'fingerprint' by SE (in the sense above). This OpenID string is likely the same over all the others sites except MO you use, as all you use seem to be [something].stackexchange.com (yet not stackoverlflow.com for example), so the domainname is the same. Likely, you granted SE permission once, and now long ago, when you started using math.SE (or whichever the first site it was you used on stackexchange.com); they then stored this email-adress as explain in the blog post. All the time you use some SE.com google gives then your OpenID string for stackexchange.com, they recognize this string and thus there is no need to ask for reconfirmation of the email. However, when using MO now, google give your OpenID string for mathoverflow.net (which is different as the domainname is different, and thus google creates a different one for the same email), therefore they do not recognize the OpenID string, and thus ask for the email to identify you via the email-adress instead of by the OpenID string.
The reason that this was a non-issue on the old MO is that there was only one domainname at all, and no accounts to be connected. Now I did not test this, but I assume that I just the other way round would be asked for each stackexchange.com site all the time since my 'fingerprint' is my OpenID string for mathoverflow.net. (Which seems compatible with what Scott Morrison said, since the OpenID string they have for him as main one is likely also not the one for stackexchange.com but mathoverflow.net or perhaps also stackoverflow.com as he seems active there too.)
@KConrad: I could be wrong, but the problem of Dimtri Pavlov was that he did not want that SE had that email address of his at all; so, I do not think that this is a solution for his problem.
@quid: This is correct and the privacy problem still exists.
I agree with the general part of Scott Morrison’s comment. However, my experience with myopenid.com has been terrible, the site is down more often than not. There are other options (stackexchange is itself an OpenID provider, for starters).
Emil,
Judging from Dimitry's past comments (on this thread, and on others related to the migration), I don't think that he would like his identity to be "represented" by SE Inc. at all. But there are more options to this anyway.
@Scott Morrison: What would be better is that I wouldn't have to maintain more than one OpenID. The problem wouldn't be as severe if I knew this in advance, before registering on MathOverflow, as opposed to suddenly discovering myself locked out of my account, with no option to log in other than to register with some highly dubious company (such as myopenid) or set up my own OpenID (which is what I probably will have to do in the end, but it requires some time). At least StackExchange could have had the decency of announcing this privacy invasion in advance, so that I at least had some time to change my OpenID.
1 to 20 of 20