tl;dr ... haha not really. Google is on a roll. I both fear and love it.

But it's not like he joined the company last quarter. If the launch of g+ indicated anything, google is speeding up.

The implementation at browserid.org returns the email only. So there's no way to change the email without visiting all the sites you've registered in using browserid.

Do an online poll and ask people "Do you know your openID" vs "Do you know your email". Users are trained to use emails for login, and that's a significant investment already.

That was a brief failure of communication when OpenID was new.

Have a Google or Yahoo account? Your email address is your OpenID. Of course nobody is going to manually enter an OpenID URL. Why would they need to?

OTOH, facebook id != identity, neither is twitter username. There will always be some id that you won't be able to change. But you are right that email is a bad choice, and i was surprised they give away the email address to developers. They should provide the browserid.org ID only.

it's a compromise move-- the reason most sites today rely on email, fb, or twitter is that it's a way to 1) contact the user, and 2) tell/help the user to tell his/her friends about something.

the team is in talks now about cooperation with another mozilla labs project centered around 1-off email generation for quick and easy anonymity with sites

They give you a token, you do a GET request to browserid.org with it and get the user's email, that's all. The user has to register their email with browserid.org first.

Wasn't one of the benefits that you don't need to rely on a third party service?

The third-party service handles the case where the user's browser doesn't handle BrowserID natively, which makes it possible to adopt this service without waiting for user's browsers to catch up.

I believe you will definately rely on one (of many possible) 3rd parties.

You can try it live at http://textchannels.com/ . I like it , it's pretty simple and neat. Easier than oauth login.

can you explain why this is easier than oauth?

- No need to register your application with browserid.org

- No need to use an oauth library (just 1 GET request)

- Oauth provides access to user data on the provider, while browserID provides no data. Less anxiety for the users.

- No request_token/access_token pairs

- In the future, the user will (hopefully) be able to change his default browserid and as a developer you just don't care.

thanks, I thought you meant it was easier _as an end user_ and could not see why.

The implementation using browserid.org, to an end user, will not get any easier or harder than OAuth or any other third-party service. On the other hand, a browser-based implementation could simply bring up a browser notification saying "Authenticate to example.org using your email address?", to which you could click "yes".

Isn't that what happens when someone compromises your email too?

This may sound embarassing, but i still get mass forwarded emails. I hope G+ will put an end to this.

This is actually a spatiotemporal cloak, not purely temporal. The probe is simply the laser (the green lines in the article picture).