[OpenID] NyaLogin private beta invites, supporting OpenID movement

5 views
Skip to first unread message

he...@nyalog.in

unread,
Jul 5, 2011, 6:06:59 PM7/5/11
to openid-...@lists.openid.net
Hi there,

We'd like to give away NyaLogin 50 private beta invites to OpenID community. Our website is www.NyaLog.in  and if you are interested, please reply back to us with your email ID.

NyaLogin allows website owners to have 15 most popular OpenID/oAuth (such as OpenID, Google, Facebook, AOL, Yahoo, Twitter etc) on their website. It generates a simple 5-7 line code which you implement on your website and you do not need to study any of APIs. It takes only 90 seconds to get the code and various login interfaces are available!!

We invite you to participate in private beta phase and help us to improve the service further.

Looking forward to hear from you all soon

Thanks
NyaLogin Team

SitG Admin

unread,
Jul 5, 2011, 10:18:58 PM7/5/11
to he...@nyalog.in, openid-...@lists.openid.net
>We'd like to give away NyaLogin 50 private beta invites to OpenID community.

Are these different from the standard "It's FREE!" invites already
available through the website? Or is that an advertised service users
need to offer their personal info to learn isn't *quite* open yet?

>It generates a simple 5-7 line code which you implement on your
>website and you do not need to study any of APIs.

This seems to be a public authentication *proxy*:
http://www.nyalog.in/Include/images/AuthChart.png
As security and privacy go, this is a step even *more* intrusive than
simply instructing a user to retrieve arbitrary JavaScript (code)
from another site.

I also tracked down the source of your "Super easy to implement" feature icon:
http://www.emule-project.net/home/img/cuddleemule.png
Understand, it's not that I think you violated their IPR or anything
(if anyone, *they* shouldn't have such ideals!), but I do wonder what
it says about your company philosophies that your visuals are so
close to the logo of a filesharing software that intentionally
enables IPR violations.

I have not been able to track down anything similar for the "It's
FREE" feature icon, but it seems to be a candy bar with a bite taken
out of it and the wrapper partly off. Those are the only two icons in
your feature list that seemed out of place to me.

-Shade
_______________________________________________
general mailing list
gen...@lists.openid.net
http://lists.openid.net/mailman/listinfo/openid-general

he...@nyalog.in

unread,
Jul 6, 2011, 12:50:54 AM7/6/11
to SitG Admin, openid-...@lists.openid.net
Hi Shade,
 
Thanks a lot for your feedback.
 
"It's FREE" reflects that NyaLogin is a FREE service so website owners who would like to implement it on their website need not to pay! The private beta invitations are mainly distributed via various channels like official forums, bloggers, NyaLogin website etc and initially we are letting a limited number of users to access NyaLogin service.
 
We have already done research all details in security and privacy for NyaLogin interface. Users are directly authenticated on providers’ websites like Facebook, Twitter, Google etc and we are only providing channel for authentication. Also, we are neither storing any sensitive information (for example username & password) nor viewing them for any user. NyaLogin is an integrated interface for all these providers and for extra security we are also using HTTPS tunnel.There is no difference in term of security and privacy if a user enables OpenIDs/oAuths on his/he website via original ID provider or via NyaLogin.
 
We do not send unsolicited emails to our users and we are not advertising via email or on our website. NyaLogin does not collects users' personal info without users' consent and we only require users to provide us email ID and that’s required to keep our system function properly.
 
Few of the icons on the index page are taken from the publically available icons under open-license so there is no case of copyright infringement or IPR violation. If we receive such a complaint, we'll take appropriate action to make sure our company doesn’t violate any IPR or copyright law.
 
Regarding logo design, we have no clue of a company having similar logo. If there is a company with similar logo, that is a coincidence but please let us know the file sharing company you are talking about so that we can take appropriate steps to avoid any violation.
 
Thanks again for your feedback. We'd like you to invite to participate in private beta phase of NyaLogin and help us to improve it so that we can offer a better & FREE service to all OpenID lovers.
 
Please let us know if you have any question/concern?
 
Thanks
Team NyaLogin
 
PS: I'd recommend everyone to please read our blog 'Story of NyaLogin' to understand the core concept and NyaLogin's usability at http://www.nyalog.in/blog/?p=16

SitG Admin

unread,
Jul 6, 2011, 1:33:36 AM7/6/11
to he...@nyalog.in, openid-...@lists.openid.net
>Users are directly authenticated on providers' websites like
>Facebook, Twitter, Google etc and we are only providing channel for
>authentication.

Then, as I understand this, you're acting as an ISP; if your service
became successful, it would become a centralized point of
eavesdropping for identity correlation. I understand tunneling secure
connections over proxies; if you were concealing from users' main
ISP's what sites they were authenticating to or what sites they were
authenticating with, I could readily see what your service offers,
but by not proxying communications between the user and RP, it seems
that their ISP can still look at *those* OpenID strings to see what
OP the user has. This wouldn't matter as much if delegation was used,
but with most users accepting their OP's default, your service
doesn't seem to add much in the way of privacy (and potentially takes
away).

Think of distributed trust (i.e. the decentralized model) as a small
army of baskets, each carrying two or three eggs. It's easy to say
"We can sacrifice the weakest members of our army at no loss if we
give all their eggs to the strongest!", but even if you can find some
volunteers brave (read: stupid) enough to try it, all those eggs will
make them a prime target for so many snakes that they will be brought
down anyway! You can easily say "potential risks to privacy don't
matter", and even mean it, but the lure of such centralization will
attract attackers you *cannot* stop.

Risk management isn't just about preventing potential attacks. It's
also about damage control; limiting the effects, once a compromise
occurs. Looking at the diagram again, it looks like NyaLogin proxies
the user's connection to their *OP* (whom they have already
determined they can trust), and not to the *RP* (with whom they don't
automatically have such a relationship), while letting the ISP
determine RP but not OP (because of NyaLogin's proxy being the only
IP address connected to), and letting NyaLogin determine RP, ISP, and
OP.

If the goal is to let users keep their OP/Identity secret from their
main ISP, the tradeoff is letting NyaLogin have access to this
information instead. You might want to market more towards
disadvantaged users in countries under heavy censorship, though they
might already be trying to work around site whitelists (and NyaLogin
might not make it there any time soon).

>Regarding logo design, we have no clue of a company having similar
>logo. If there is a company with similar logo, that is a coincidence
>but please let us know the file sharing company you are talking
>about so that we can take appropriate steps to avoid any violation.

I linked to their website in the last post. It was a simple enough
description; "Why is that donkey sticking its tongue out at me?". I
think I got lucky with the software name being so close, though.
Alternatively, if there is software named after that candy bar, I
gave up before finding it :)

Andrew Arnott

unread,
Jul 6, 2011, 12:24:33 PM7/6/11
to SitG Admin, openid-...@lists.openid.net
This strikes me as a free alternative to Janrain Engage (although with fewer features perhaps).  The auth proxying model seems identical.  

Is that a fair assessment?

--
Andrew Arnott
"I [may] not agree with what you have to say, but I'll defend to the death your right to say it." - S. G. Tallentyre

SitG Admin

unread,
Jul 6, 2011, 7:30:26 PM7/6/11
to Andrew Arnott, openid-...@lists.openid.net
>This strikes me as a free alternative to Janrain Engage (although
>with fewer features perhaps). The auth proxying model seems
>identical.

This?
https://rpxnow.com/docs
Ahh, the more-detailed technical language there gives me some idea of
what the intent may be. They are trying to be the first discovery
node in a multi-hop OpenID auth, right? Basically, the RP says "here
is their claimed URI, please let us know where the delegation loops
terminate"?

Reply all
Reply to author
Forward
0 new messages