@Dashrender said in What SQRL Apps Are You Using:

@scottalanmiller said in What SQRL Apps Are You Using:

@Dashrender said in What SQRL Apps Are You Using:

@scottalanmiller said in What SQRL Apps Are You Using:

@Dashrender said in What SQRL Apps Are You Using:

@coliver said in What SQRL Apps Are You Using:

What's seems odd to me (even though it probably isn't) is that there are no major players also working on this in tandem. If this is supposed to be the next iteration of anonymous login there are a ton of security adjacent vendors that would love this.

No, they wouldn't because they can't make money off of it.

Actually they could, if it had any value. They could make a lot off of it. It's because it doesn't do anything useful that it has no value. OAuth already does all the good parts of SQRL and fixes the "not easy" problems.

No it doesn’t because oauth gives the control to that third party, it’s not trust no one.

SQRL does that too.

What no it doesn’t. You are the only one with your private key and everything is done on the fly based on that. No third party is ever involved.

That's the impression that they like to give, but it doesn't work that way. To share identities or have any "easy" between sites, it is still sharing just like OAuth (Actually, they state that they are just extending OAuth.)

So with SQRL you always have to trust at least one source, and if you want the features that most people want, then you have to trust a third party as well. The SQRL key carries no info, so is nothing more than a cookie, so requires the same third party sharing that we have now,. It's just a cookie that doesn't automatically get conveyed between unrelated sites.