pump-io / pump.io

Social server with an ActivityStreams API
http://pump.io/
Apache License 2.0

rogue server phishing opportunity when those on other servers follow a local user #796

Open leaf-node opened 11 years ago

leaf-node commented 11 years ago

when i click to follow someone else on another server, i'm given a text box asking me to log in. now, if i navigated to their profile from my home server, then i might be confused. "why isn't my server remembering my login? oh well, better sign in again. seems like this happens every time." (and then they get my password. it would be easy to set up a lucrative honey-pot this way.)

what if the default for this kind of situation was for pump.io to ask for my webfinger if i'm not logged into that server? that way, the server would direct me to my home server, by default. if the server address is that server, then it could ask for my password, with the user name text field already filled out.

(it would still be possible for a modified pump.io server to behave differently, in order to phish passwords. but that would deviate from the norm, and hopefully this behavior would be more concerning to the end user, as it would go against what they've learned to expect in that situation.)

also, as an option, there could be a link below the webfinger box saying: "do you have an account on this server? login here!" after all, pump.io is first and foremost a federated system, so it would be nice if the behavior was most conducive to that.

still, people might get confused anyhow, and try to enter their user name on a different server in a situation like this. so what if there was some text at the end of the user name box saying "@pumpbuddy.us", just to be clear? (there could even be a small link next to that saying "different server?", with help information)

i recognize that there is no perfect guard against phishing, except by checking the url at the top of the page and using https, but this would go a long way, by strengthening the expectation to not log in each time i follow someone. in addition, a slightly different process here would be more convenient to users.
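The decision logic proposed above (ask for the visitor's webfinger address first, and only show a password prompt when that address belongs to the server the visitor is on), as an added example that is not pump.io's own code. The hostnames, the `/main/login` path on the home server and the `follow` query parameter are assumptions for illustration.

```javascript
// Parse "user@host" (an optional "acct:" prefix is accepted) into its parts,
// or return null when the input is not a webfinger-style address.
function parseWebfinger(addr) {
  const m = /^(?:acct:)?([^@\s]+)@([^@\s]+)$/i.exec(addr.trim());
  if (!m) return null;
  return { user: m[1], host: m[2] };
}

// Normalize a host for comparison: lowercase and drop default HTTP(S) ports,
// so "PumpBuddy.us:443" and "pumpbuddy.us" are treated as the same server.
function normalizeHost(host) {
  return host.toLowerCase().replace(/:(80|443)$/, '');
}

// Decide what a server should show when a visitor who is not logged in
// clicks "follow" on a local profile.
//   localHost:  the hostname this server is serving
//   addr:       the webfinger address the visitor typed
//   profileUrl: the profile the visitor wants to follow (hypothetical param)
// Returns one of:
//   { action: 'reject', reason }         malformed address, show help text
//   { action: 'local-login', username }  account is here: ask for password
//   { action: 'redirect', to }           account is elsewhere: hand off
function followAction(localHost, addr, profileUrl) {
  const parsed = parseWebfinger(addr);
  if (!parsed) {
    return { action: 'reject', reason: 'expected user@server' };
  }
  if (normalizeHost(parsed.host) === normalizeHost(localHost)) {
    // Local account: the password prompt is legitimate here, and the
    // username field can be prefilled from the address.
    return { action: 'local-login', username: parsed.user };
  }
  // Remote account: never ask for a password. Send the visitor to their own
  // server's login page (assumed path), carrying the profile to follow so
  // the home server can complete the follow after login.
  const home = normalizeHost(parsed.host);
  const to = 'https://' + home + '/main/login?follow=' +
    encodeURIComponent(profileUrl || '');
  return { action: 'redirect', to: to };
}
```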

leaf-node commented 11 years ago

i was thinking of one way to resolve the issue of needing to enter a webfinger when following users on other sites, and praying sites won't phish unaware users. with my idea, one's own server wouldn't need to act as proxy either.

a solution would be for your server to send you client-side js that allows you to access profiles and other content from external servers, without needing to leave myserver.io. since you never leave the context of your server, then when you follow someone, the js can be trusted to send a request to your server to handle the exchange with the other server. that way, the other server has no easy way to phish you.

of course, the webfinger method, or using your home server as a proxy, could work for those who don't use js.