Is OpenID a profitable target for spammers?

Due to the nature of OpenID, would this not be a lucrative target for spammers? To get started, you can create an OpenID account on any site and use it on any other site, which would mean that I could enter the forum and write several thousand posts if the forum suggests that registered users can be trusted.

Do you agree that OpenID is beneficial to spammers? Should OpenID expect an onslaught?

+4
4 answers

Yes, this is a problem. No, this has nothing to do with OpenID.

OpenID is designed to conveniently replace E-Mail-based logins. It is intended only to solve the ease-of-use problems of E-Mail-based logins; it is not intended to solve any security problems associated with E-Mail-based logins.

If there are OpenID providers that allow users to create accounts willy-nilly, without checking their identity, then this is a problem. However, exactly the same problem exists today with E-Mail logins: if email providers allow you to create email accounts without confirming your identity, you can use this email address to enter any forum.

However, this problem has long been resolved for the case of E-Mail: allow only logins with email addresses from reliable suppliers. And the same thing can be done for OpenID: just accept OpenID issued from trusted vendors. If someone logs in with http://John.Doe.VeriSign.Com/ , you let them in, and if someone tries to log in using http://Any.Nymous.Evil-4aX0rZ.ru/ , you reject them.

+5
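The trusted-provider check described in the answer above, as an added example that is not part of the original answer: a host allowlist that matches on DNS label boundaries rather than by substring. The domain list and function names are assumptions, and the identifier passed in is assumed to be the one the site's OpenID library has already verified.

```python
from urllib.parse import urlsplit

# Constructed allowlist for illustration; a real site maintains its own.
TRUSTED_PROVIDER_DOMAINS = {"verisign.com", "provider.example"}


def identifier_host(openid_url):
    """Return the normalized host of an OpenID URL, or None if it is unusable."""
    try:
        parts = urlsplit(openid_url.strip())
        host = parts.hostname  # lowercased, without userinfo or port
        parts.port             # raises ValueError on a malformed port
    except ValueError:
        return None
    if parts.scheme not in ("http", "https") or not host:
        return None
    # Reject userinfo so "http://john.verisign.com@other.example/" cannot
    # look like a trusted identifier to someone reading logs.
    if parts.username is not None or parts.password is not None:
        return None
    return host.rstrip(".")  # treat "verisign.com." like "verisign.com"


def is_trusted_identifier(openid_url, trusted=TRUSTED_PROVIDER_DOMAINS):
    """Accept only identifiers whose host is a trusted domain or a subdomain of one."""
    host = identifier_host(openid_url)
    if host is None:
        return False
    # Compare on label boundaries: "verisign.com.other.example" and
    # "notverisign.com" must not match "verisign.com".
    return any(host == d or host.endswith("." + d) for d in trusted)
```

Rejected identifiers can still be offered a stricter path (captcha, moderation queue) instead of a hard failure.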

It can happen, but I have not heard about it.

In any case, OpenID is not meant as protection against spam, but does not interfere with it. A site can always use captcha in addition to login via OpenID.

0

In fact, I think that OpenID has great potential for defeating spammers. Firstly, the requirement of having separate identifiers on different sites means that a real user does not have the opportunity to develop any reputation or credibility.

Using OpenID, third parties can collaborate and collect reputation information. For example, if I use an OpenID account for 5 years without complaining about spam, then, for all intents and purposes, I am a good user and I can be trusted.

Newer OpenID accounts may be subject to more scrutiny and perhaps more rules, such as the inability to publish hyperlinks or the presence of spam keywords.

0

I think this makes it easier for, say, less technical spammers who do everything manually. If someone wants to spam 30 forums, that is 30 full registrations, which takes time; with OpenID, it is one full registration on Yahoo, Google, etc., and then 30 partial (or none at all) registrations on the forums that accept OpenID.

0