This article is rated C-class on Wikipedia's
content assessment scale. It is of interest to the following WikiProjects: | ||||||||||||||||||||||||
|
BrowserID now appears to be called Mozilla Persona. I would suggest that this page be renamed. Jonathanmjefferies ( talk) 14:16, 31 July 2012 (UTC)
Not sure that was such a good idea - indeed, BrowserID remains the codename for the protocol and Persona.org is the service ran by Mozilla.org, not the protocol itself. -- TheAnarcat ( talk) 02:52, 27 June 2013 (UTC)
Just because marketing material says something is secure, that doesn't make it secure. "Secure" is an unachievable perfect state, like "indestructible". We can only talk about the threats that have been anticipated, and the defenses against those threats, and the probability that the defenses will be breached.
For example, Mozilla's demonstration site https://login.persona.org/signin says:
Since Javascript is essential for successfully exploiting the vast majority of attacks on browser vulnerabilities, along with Cross Site Scripting which is still on the OWASP top ten vulnerabilities after 14 years, the best way to "secure" (better said, improve the security of) your browser is to disable scripts. (See NoScript.) Therefore if Persona requires one to lower their browser's security defenses, Persona is thereby forcing a reduction in the security of those who are informed and care about it.
Javascript will be "secure" when browsers are "secure", which, based on the track record of the last 20 years, will be approximately never. 129.219.155.89 ( talk) 17:11, 4 February 2013 (UTC)
I am once again removing the unsupported (original research?) claim that this is "secure".
Before reinstating the claim please cite an independent reference. 129.219.155.89 ( talk) 14:23, 2 April 2013 (UTC)
Hello fellow Wikipedians,
I have just modified 8 external links on Mozilla Persona. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:
When you have finished reviewing my changes, you may follow the instructions on the template below to fix any issues with the URLs.
This message was posted before February 2018.
After February 2018, "External links modified" talk page sections are no longer generated or monitored by InternetArchiveBot. No special action is required regarding these talk page notices, other than
regular verification using the archive tool instructions below. Editors
have permission to delete these "External links modified" talk page sections if they want to de-clutter talk pages, but see the
RfC before doing mass systematic removals. This message is updated dynamically through the template {{
source check}}
(last update: 18 January 2022).
Cheers.— InternetArchiveBot ( Report bug) 08:56, 7 February 2018 (UTC)
This article is rated C-class on Wikipedia's
content assessment scale. It is of interest to the following WikiProjects: | ||||||||||||||||||||||||
|
BrowserID now appears to be called Mozilla Persona. I would suggest that this page be renamed. Jonathanmjefferies ( talk) 14:16, 31 July 2012 (UTC)
Not sure that was such a good idea - indeed, BrowserID remains the codename for the protocol and Persona.org is the service ran by Mozilla.org, not the protocol itself. -- TheAnarcat ( talk) 02:52, 27 June 2013 (UTC)
Just because marketing material says something is secure, that doesn't make it secure. "Secure" is an unachievable perfect state, like "indestructible". We can only talk about the threats that have been anticipated, and the defenses against those threats, and the probability that the defenses will be breached.
For example, Mozilla's demonstration site https://login.persona.org/signin says:
Since Javascript is essential for successfully exploiting the vast majority of attacks on browser vulnerabilities, along with Cross Site Scripting which is still on the OWASP top ten vulnerabilities after 14 years, the best way to "secure" (better said, improve the security of) your browser is to disable scripts. (See NoScript.) Therefore if Persona requires one to lower their browser's security defenses, Persona is thereby forcing a reduction in the security of those who are informed and care about it.
Javascript will be "secure" when browsers are "secure", which, based on the track record of the last 20 years, will be approximately never. 129.219.155.89 ( talk) 17:11, 4 February 2013 (UTC)
I am once again removing the unsupported (original research?) claim that this is "secure".
Before reinstating the claim please cite an independent reference. 129.219.155.89 ( talk) 14:23, 2 April 2013 (UTC)
Hello fellow Wikipedians,
I have just modified 8 external links on Mozilla Persona. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:
When you have finished reviewing my changes, you may follow the instructions on the template below to fix any issues with the URLs.
This message was posted before February 2018.
After February 2018, "External links modified" talk page sections are no longer generated or monitored by InternetArchiveBot. No special action is required regarding these talk page notices, other than
regular verification using the archive tool instructions below. Editors
have permission to delete these "External links modified" talk page sections if they want to de-clutter talk pages, but see the
RfC before doing mass systematic removals. This message is updated dynamically through the template {{
source check}}
(last update: 18 January 2022).
Cheers.— InternetArchiveBot ( Report bug) 08:56, 7 February 2018 (UTC)