* Mozilla doesn't have any information on you
* Mozilla doesn't store your password if possible, and instead falls back to your email provider (but they do NOT learn which site you logged into)
* It can eventually be decentralised and browser-integrated (though this may have been abandoned)
* The site only knows your email address
I can't remember, but I don't know if Mozilla knows which sites you log into, either.
I'm fairly certain it does not, and that this was built into the protocol from the start. Please let me know if I'm mistaken.
Persona is a fantastic protocol. Too bad Mozilla seemed too eager to drop support...
Since we're not a social network, we can avoid a lot of the risk and confusion about how to use the product without accidentally sharing too much information, and really focus on building a first-class identity product.
We're happy to answer questions if you have them. There's more to come, soon!
Also, how does this compare (in both features and privacy) to Persona?
As far as Persona goes, one of the major differences is the primacy of mobile as a medium for login. And while Persona focuses on using email addresses as identifiers, we go one step further than that, isolating users/apps into their own ID spaces that aren't tied to any particular existing identifier. As a result, a user can change their email address with us without disrupting their service or updating their applications (https://developer.mozilla.org/en-US/Persona/The_implementor_...), and users don't have to divulge this information if it's not necessary, as with apps that just use login for personalization.
We're rapidly building and adding features to Hoomi, and you can expect to see the benefits to users and develoeprs grow as we flesh out users' ability to create profiles for themselves that they can give their apps access to.
What are your plans to push this into market and How are you planning to attract both app devs and end users to use your product?
We're encouraging developers to use this alongside social login (or as a replacement for building their own email/password-based login). Developers can avoid having to build and design large amounts of UX around login, registration, email/phone verification, password resets, etc. by adopting Hoomi, while still giving their users an alternative to social login.
We plan to add a number of compelling features for both users and developers. These will increase the value of a Hoomi account as well as the benefit of adding Hoomi login to your applications.
How does this service pay for itself? If its not a for-pay service how can I know you're not trying to amass a database of info to resell to marketers?
I like the idea of anonymous login, but how anonymous exactly is this? Of course I have to auth to your site so you know my IP, how long do you keep logs for? If I don't login for 6 months can I rest assured that my IP is gone from your logs and can't be tied to my account until I auth again?
As for "Anonymous" login, that's Facebook's term for the service they promised (and we don't use it in our own description of the product for exactly the reasons you mentioned). We act as brokers between apps and users for their data, which includes an identifier that can be used for login. When an app chooses not to ask for personal data, we let the user know that we won't be sharing any of their information with the application.
Is user demand for Hoomi their only incentive? Or is there a positive benefit for them as well?
If the former, it's not clear why developers would rush to support it until it accumulates a very large and uncompromising user base; and building that user base will be hard without a lot of apps/sites already integrating it.
How does "an alternative to social login" itself benefit developers? Every other benefit you've listed out is already being provided by social login providers.
I don't care how good anyone thinks their product is, it does not justify implementing a dark pattern like this.
- Who is Hoomi, and why should I trust them with credentials for other sites?
- Who is using this already, and why will users trust this? Any big names?
- How long will this project live? How is it funded?
- Do you know that your logo looks way too much like utorrent's, but upsidedown?
- Has this been battle-tested against hackers?
I'm sorry, but i'm not excited.
You could also distinguish yourself vis-a-vis persona which requires an e-mail address.
