We had one of the biggest snows of the year today in Montreal. The storm, which happened overnight and was supposed to let up around noon, still hasn't stopped. It's a practical white-out outside -- big fluffy flakes everywhere. The radio said we had more than 40 cm of snow, which is just amazing.
I headed over to Laïka this afternoon for an interview with Steve Faguy of the Montreal Gazette. I was pretty worried about going out, but as usual I was pleasantly surprised when I was outside. Snowy weather is pretty gentle, and although I was cold and wet when I got to Laïka, it wasn't all that bad.
I had a good talk with Steve about Wikitravel, Montreal tech scene, and the French Revolutionary Calendar. I'm looking forward to seeing the article when it comes out.
tags: steve faguy laïka snow interview gazette
certifi.ca doing well
I was glad to see a post about certifi.ca in the Solution Media Blog of Thomas Huhn. Thomas set up the extremely useful OpenID Directory, so his opinion is pretty valuable. I'm glad he's as enthused about certifi.ca as I am.
tags: thomas huhn certifi.ca openiddirectory openid
Registration and privacy
I think I have an account on every free OpenID service on the Web. I need lots of accounts for debugging purposes, and I also like to have an idea of what people are doing with the protocol.
I checked out prooveme.com a few days ago. prooveme.com gives out OpenIDs with SSL cert authentication, like certifi.ca. It seems like an OK service, but I don't think they use SSL and certs the right way. I tested the prooveme ID on a couple of services, had a couple of errors, and that was that.
So I was surprised to see this posting in the proovemeblog today:
- certifi.ca is another site doing certificated OpenID. Evan, the creator of certifi.ca is a subscriber of ours. We'll obviously be pleased if he carries on using us!
Now, I've been in wikis long enough to know that you have to AssumeGoodFaith when people post things in public forums, so I'll take this comment as nothing more than clumsy but good-natured ribbing. Ha ha ha.
But: I haven't publicly said that I'd tested out the prooveme server. I'm not particularly embarrassed about it, but I hadn't had any reason to mention it to anybody, either. So the only way the poster could know that I'd registered for their service was to check their database records for my registration information.
Publishing users' registration info without their consent steps over an important privacy line for me and, I think, for a lot of people. I'm not sure making a joke really justifies that kind of privacy invasion. I don't feel fairly treated, here.
I partly blame myself: after all, I submitted personally-identifying information (PII) into a Web form on a site without an explicit privacy policy. I've gotten so used to OpenID providers being experienced with security and privacy issues that I made assumptions that turned out not to be the case.
I've taken the incident as a wake-up call to put a privacy policy on certifi.ca. I hope that will communicate to users what I consider acceptable use of their data. And I'll make sure to check carefully for privacy policies whenever creating a new account in the future.
For clarity: if I have an account on a Web service, that is not any kind of endorsement of their service, and doesn't necessarily suggest that I use that service regularly (or at all). I'm going to see what I can do to get my account deleted from the prooveme servers to avoid any misunderstanding in the future.