Large web services from the likes of Google, Yahoo and others love to tout their OpenID support. But when these companies say “support,” sometimes what they mean is that you can use them as an OpenID provider — and store all of your precious personal information on their servers.
What’s much less common from the big companies are sites that let you sign in with OpenID. Today the popular photo sharing site Flickr has taken a small step in that direction.
The site has stopped short of true OpenID support, though that appears to be the end goal. For now its offering a way to sign in with your Google OpenID. Yahoo, which owns Flickr, is using Google’s authentication APIs to power the sign-in experience. Sadly, the new feature is only available for those signing up for Flickr. If you’ve already got a Flickr account, you have to authenticate using your original login.
Given that most of you probably already have Flickr accounts, today’s news isn’t all that exciting. But hopefully, it means the wheels are turning at Flickr and one day you’ll be able to sign in with any OpenID account.
OAuth is a great way to sidestep the dilemma of having to hand over passwords to third-party sites and apps to access user data. This is the primary reason the authentication method is fast becoming a de riguer part of today’s social APIs.
But while OAuth solves one problem, it creates another — it greatly raises the complexity of simple apps.
We’ve looked at the issue in the past, particularly with regard to Twitter’s transition to OAuth, which broke countless small scripts. The good news is that OAuth 2.0 is less complex than its predecessor and removes much of the headache for small developers. Unfortunately, OAuth 2.0 isn’t widely adopted yet, and it’s not quite ready for prime time.
But there is a solution for Twitter. SuperTweet was created by developer David Beckemeyer. The service sits between your script and Twitter, where it does the heavy lifting of OAuth for you. Even better, you don’t have to hand over your Twitter password to SuperTweet — instead, you create a password on the site, approve SuperTweet to access your Twitter account and then connect your script to SuperTweet.
The service isn’t meant for full-blown apps, nor does it support commercial uses. But for individuals and non-profits without the development resources to make the switch to OAuth 2.0, it can bring those simple Twitter scripts back to life.
Of course using SuperTweet means adding another potential failure point between your script and Twitter, but if you can live with that, using SuperTweet is easier than wading into OAuth’s waters.
When you’re signing up for a Google account, there’s now a new button you can click on that says “Verify by signing in at Yahoo.com.” Click it, and you’re sent to Yahoo, where you’re asked to allow Google and Yahoo to link up your accounts.
Tuesday’s development marks Google’s first attempt to be an OpenID relying party — a website that accepts OpenID logins from third-party providers. Also, this only works for Yahoo users for now, but Google says it’s going to start offering support for other OpenID providers soon.
On the surface, this may look like an attempt by Google to poach users away from Yahoo by making it even easier for them to switch. In fact, it’s a real-world example of the type of interoperability that OpenID has been promising to bring to the open web for some time.
Six Apart is shutting down its Vox blogging service. Users have until Sept. 30 to export their data to other services, including Six Apart’s TypePad blogging service. After that, Vox will be gone.
If you’ve got a Vox blog, there are several export options — Six Apart has instructions for moving to TypePad, Posterous and WordPress. There’s also an option to move your photos and videos over to Flickr.
Of course none of those services quite combine the privacy and small social network features that endeared Vox to users, but at least you can retrieve your content in some form.
The export options also make no mention of the fact that Vox is an OpenID provider, which means that, presumably, when your Vox URL is gone, your OpenID is gone with it. That means any site you’ve signed into using your Vox account will no longer let you sign in. In some cases that could mean a total loss of access to the third-party site — exactly the sort of thing OpenID is supposed to help prevent.
UPDATE: Six Apart vice president Michael Sippey responds to this issue in the comments. We’ve added it here:
Quick note. Vox will continue to serve as an OpenID provider through September 30. If a Vox user chooses to migrate their blog to TypePad, OpenID requests at the original Vox address will delegate to TypePad for authentication.
We know that shuttering a service is never easy on users; We’ve invested a lot of time and effort in making sure that there are tools in place to migrate content off of Vox, and that if folks are using Vox as their OpenID provider that there’s a solution in place for them.
If there’s a moral to Vox shutting down, it’s pretty simple: choose your OpenID provider with care. It would seem that the bigger the provider, the safer you are. Alternately you could be your own OpenID provider, ensuring that you retain control over your identity.
Six Apart’s blog does not give any reason for the shutdown, and the company did not respond to requests to comment on this story. However, it seems likely that Vox was simply supplanted by Facebook, Twitter and other, more popular means of sharing content with your web friends.
The social network landscape has also changed considerably since Vox launched in 2006. Much of the initial appeal of Vox — namely, its tightly controlled privacy — is less of a concern for many of today’s users.
The final Labs release, version 1.3, is the first to be known by the new name Firefox Sync. The release also has a couple of new features, like a simplified sign-up and setup process and a new action that lets you access all your remote tabs by clicking a single button.
If you’d like to grab the latest version, head over to the new download page. As always, we recommend upgrading all instances of Firefox Sync before actually syncing your data.
By the time Firefox 4 rolls around (later this year or possibly early 2011) Firefox Sync will be just be a standard part of Firefox, no add-on required.