Open chrisjrob opened 11 years ago
The first time you log into the other server, you have to authorize the server. So long as you actually read the authorization and not just click the button, I think it's fairly obvious that you've left your home pump.
It may be "fairly" obvious, but it was not obvious enough for me. I entered my credentials to log in, and it was only when the authentication failed that I realised my mistake and had to go and change my password on identi.ca.
Why would I know that https://pump.jpope.org/XKCD is not part of identi.ca? I reached it by simply clicking on a user. You expect users' posts to take you off-site, but not their user names.
You expect users' posts to take you off-site, but not their user names.
Well, to be fair, that also happened before, when identi.ca was statusNet-based. The problem here is that you think of identi.ca as a self-contained network, when identi.ca was just one server among many in the greater statusNet network (even if it was the biggest), and now it's just one server in the greater Pump network.
I think it's a matter of understanding what you're using. BTW, the minimum precaution you should take before entering your credentials in a website is checking the current URL ;)
On 15 July 2013 12:28, JanKusanagi notifications@github.com wrote:
Oh absolutely, couldn't agree more - I was an idiot. But if I can be an idiot - anyone can. Is this a platform for geeks or the general public?
Chris Roberts
I don't think it's a matter of being an idiot, it's a matter of understanding what you use. People are used to centralized networks. This is not one of those, so there are some changes in mentality needed.
Isn't this a pure UI bug? The different pump.io servers that are out there look, for the most part, identical. A natural solution would be to make very obvious graphical differences. A distinguishing logo just to the left of the login box, for example, might be nice. Or different colored backgrounds for different servers. Of course it's up to individual people how they design their sites, but in any case, the current differences are not eye catching. I think we can do a little more than say "Be more careful!". :-)
I think that I am a prime example of what Jan says; viz., I do not have a working understanding of the pump.io network. I understand that I am authorizing different pumps. What I do not understand is how to follow the notes from multiple pumps. I think I expect to see one stream with output from different pumps, and maybe that is "centralized network" thinking.
And how do you propose to enforce this? If you rely on differences in appearance, you will be caught out.
I think far better would be to change the login flow:
Login creates a popup dialog
You enter your Pump address
A script in the background parses your address. If it’s at this site, it pops up the password prompt. If it’s not at this site, then clicking on the login button will take you to the site your handle is registered on
(As an improvement to this, we could create an integrated “Login + Authorize” flow in one page, as done by sites like Twitter)
From: dper [mailto:notifications@github.com] Sent: 15 July 2013 15:24 To: e14n/pump.io Subject: Re: [pump.io] Need to protect users from logging into a different pump.io server (#722)
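The address-parsing login flow proposed in the comment above, written out as an added example; this is not pump.io code and not code posted by anyone in this thread. It assumes the local site is served at identi.ca, that a Pump address has the Webfinger-style user@host form, and that the remote server's login page lives at /main/login; all three are assumptions for illustration. The point of doing the host check before showing any password field is that a remote address never gets a password prompt on this site, and the redirect target is built only from a strictly validated hostname, so a crafted handle cannot turn the step into an open redirect.

```javascript
// Added example (not pump.io's own code). Assumptions: the local site is
// identi.ca, addresses look like user@host, remote login is at /main/login.
const SITE_HOST = "identi.ca"; // assumption for illustration

// Parse "user@host" (an optional leading "acct:" or "@" is tolerated).
// Returns null for anything that is not a clean single-host address.
function parsePumpAddress(input) {
  const s = String(input).trim().replace(/^acct:/i, "").replace(/^@/, "");
  const at = s.lastIndexOf("@");
  if (at <= 0 || at === s.length - 1) return null;
  const user = s.slice(0, at);
  const host = s.slice(at + 1).toLowerCase();
  // Host must be a bare DNS name: labels of letters/digits/hyphens and a
  // TLD; no port, path, userinfo or IP literal. Anything else is rejected.
  const hostOk =
    /^(?=.{1,253}$)([a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$/.test(host);
  // A second "@" in the user part (e.g. "me@identi.ca@evil.com") fails here.
  const userOk = /^[a-z0-9._-]+$/i.test(user);
  return hostOk && userOk ? { user, host } : null;
}

// Decide what the login dialog should do for the address the user typed.
// Only a local address ever gets a password field on this site.
function routeLogin(input, siteHost = SITE_HOST) {
  const addr = parsePumpAddress(input);
  if (!addr) return { action: "reject", reason: "malformed address" };
  if (addr.host === siteHost.toLowerCase()) {
    return { action: "local-login", user: addr.user };
  }
  // Remote account: send the user to their own server over HTTPS, using
  // only the validated host, and say plainly that they are leaving here.
  const url = `https://${addr.host}/main/login`; // path is an assumption
  return {
    action: "redirect",
    url,
    warning: `Leaving ${siteHost}: you will log in at ${addr.host}, not here.`,
  };
}

// Usage: routeLogin("chris@identi.ca")      -> local-login for "chris"
//        routeLogin("xkcd@pump.jpope.org")  -> redirect + "Leaving identi.ca" warning
//        routeLogin("chris@identi.ca@evil.com") -> reject
```

The same routing function can sit behind the Follow button on a remote profile: instead of popping a password prompt on the page the user happens to be on, it returns the "Leaving identi.ca" warning and the user's own server to log in at, which is the passive warning suggested further down the thread.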
@oshepherd I think you're misunderstanding my suggestion.
Aesthetic changes to currently existing servers are relatively easy to implement. People running servers who want to could make theirs a different color or use a different icon or logo in some highly visible place on the login page. That is quick, easy, and solves many problems. It doesn't solve the problem of people running servers that intentionally look like other servers or of being too hasty to properly configure their own, as you noted.
It seems like you also have a solution, one that would probably be more comprehensive. If so, great.
Perhaps the best solution would be a passive warning "Leaving $pump.io.name [Learn more]"
I don't fully understand the multiple pump.io server philosophy, but I do think there is a security issue. For example, in the activity stream on identi.ca, if I click on a user on a different pump.io server and then attempt to interact with them, e.g. by clicking Follow, it prompts you to log in and you don't necessarily know that you are logging into a different server.
The problem is that the different servers work too closely together - it has to be more obvious that you have left identi.ca.