
> The advantage Persona supplies is that even if you do choose to use an email associated with real identity, Google (or the email provider, e.g. Facebook) will only see a "Sign in to Persona" event, and will not have additional data revealing that you had signed in to Islington CC (in this case).

In this case, it would seem size does matter. If alice@example.com is the first user from example.com to sign in (or first modulus cache of example.com's key at the service) -- example.com will see 1) a sign-in-to-persona-for-alice@example.com in close temporal proximity to a request for its certificate from the service.

That's how I read:

https://developer.mozilla.org/en-US/Persona/Identity_Provide...

anyway?

So, if a site already has gmail.com's Persona cert on file, Google will only see that alice@gmail.com uses Persona (and only whenever Alice needs a new/refreshed Persona session).

I don't think this is much of a flaw, but there definitely is a bit of traffic going back and forth. But much better than with the alternatives (that I'm aware of).

[edit: and obviously the site/service will get the email address as well, but then most other solutions also require the site to get the email address]
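
The timing correlation discussed in the comment above, as an added example that is not part of the original post: a constructed model of what an identity provider's log would contain when a relying party caches (or does not cache) the provider's public key. The class names, the IP address, the TTL values and the 5-second window are assumptions, and the model takes the worst case in which every sign-in coincides with a fresh certificate provisioning.

```python
from dataclasses import dataclass, field

@dataclass
class IdP:
    domain: str
    log: list = field(default_factory=list)   # (time_s, event, detail)

    def provision(self, t, email):
        # The browser asks the IdP to sign a certificate for this address.
        self.log.append((t, "provision", email))

    def fetch_key(self, t, requester_ip):
        # A relying party fetches the IdP public key to verify an assertion.
        self.log.append((t, "key_fetch", requester_ip))

@dataclass
class RelyingParty:
    ip: str
    key_ttl: int                               # seconds the IdP key stays cached
    cached_until: dict = field(default_factory=dict)

    def verify(self, t, idp):
        # Only contact the IdP when no unexpired key is on file.
        if self.cached_until.get(idp.domain, -1) < t:
            idp.fetch_key(t, self.ip)
            self.cached_until[idp.domain] = t + self.key_ttl

def correlate(log, window):
    """(email, rp_ip) pairs the IdP could infer: key fetch <= window s after provisioning."""
    provs = [(t, d) for t, e, d in log if e == "provision"]
    fetches = [(t, d) for t, e, d in log if e == "key_fetch"]
    return [(email, ip) for ft, ip in fetches
            for pt, email in provs if 0 <= ft - pt <= window]

def simulate(key_ttl):
    # Constructed scenario: three users sign in to one site, ten minutes apart.
    idp = IdP("example.com")
    rp = RelyingParty("203.0.113.7", key_ttl)
    users = ["alice@example.com", "bob@example.com", "carol@example.com"]
    for i, email in enumerate(users):
        t = i * 600
        idp.provision(t, email)
        rp.verify(t + 2, idp)                  # assertion reaches the site 2 s later
    return correlate(idp.log, window=5)

if __name__ == "__main__":
    print("no caching:", simulate(key_ttl=0))
    print("1 h cache :", simulate(key_ttl=3600))
```
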


