
Er... "they" have also published the full source code involved (at https://github.com/mozilla/browserid ) and a privacy policy at http://www.mozilla.org/en-US/persona/privacy-policy/ that you can compare to said source code as desired, if you're using Mozilla's identity provider.

As far as the architecture of the overall thing, there are also http://identity.mozilla.com/post/7899984443/privacy-and-brow... and http://identity.mozilla.com/post/11145921163/browserid-desig... and a technical specification at https://github.com/mozilla/id-specs/blob/prod/browserid/inde... that describes the exact data flow involved.

And if you read those, it should become pretty clear _why_ this is better for privacy than the FB or Google login systems. For one thing, the identity provider is never told that you're logging in.




Not even the links you posted tell me a) where certificates are stored and how they are protected, b) what measures are taken to prevent unauthorized use of those certificates by the ID provider, the browser (plugins?), other entities, c) how the act of entering an e-mail address is secure (other people may have access to my computer and know my e-mail address). Admittedly, I didn't watch the 1 hour presentation video, but I've come across HN-linked presentation web pages several times and tried to understand these issues every time; the result was always the same: Mozilla assures me it's all done properly, but does not provide the relevant details to back up these claims.

Mozilla needs to make a very compelling case to web site owners for adoption, because FB and even Google have more users and OAuth is at least roughly understood.


Let's see if I can help provide some answers here:

a) certificates are stored in localStorage for https://login.persona.org. They are very short-lived (hours), so that we don't have to deal with revocation, since that would likely be impossible on a per-user scale.

b) there's no way you can prevent an identity provider from misusing your identity. They're your identity provider. You chose them because you trust them to credential you and not let other folks impersonate you.

b') browser extensions already have full control over your life. That's something that should be addressed longer term, but Persona is not making this any worse.

b'') other entities cannot access the localStorage for login.persona.org, so that should be okay.

c) you're not just entering an email address. You're also proving you own it, for example by being logged into your Yahoo.com account, or by clicking the confirmation link we send you. What we're doing is minimizing the number of steps you have to take to prove you own an email address. But you still have to own it.

You should check out our documentation, which is quite thorough:

  https://developer.mozilla.org/en-US/docs/persona

I think we've provided a lot of hard data and docs to back our claims, but we're happy to provide more, of course.


> how the act of entering an e-mail address is secure (other people may have access to my computer and know my e-mail address)

Assuming you're saying other people have access to your email account already, it's game over: practically every site will send password reset procedures on demand to the email you used to create your account.

Alternatively, if you're saying other people know your email address, that's not really relevant. They need to either be able to read email on your account (see above), or be able to implement an Identity Provider on your email domain.

If an unauthorized party is able to implement an IdP on your email domain you have an even worse problem: your email provider apparently is unable to control basic aspects of their own domain.

To actually implement an IdP, your email provider must publish a https://domain.com/.well-known/browserid file. If a rogue third party can do this at will, I'd say your email provider has horrible security and your security assumptions are probably broken anyway.
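
An added example, not part of any comment in this thread and not Mozilla's code: the two trust rules discussed above (only the email's own domain or the fallback login.persona.org may vouch for an address, and certificates live for hours because there is no revocation) written as relying-party checks. The payload field names (`iss`, `iat`, `exp`, `principal.email`), the millisecond timestamps, the 24-hour bound and the clock-skew tolerance are assumptions of this example, and signature verification is assumed to have happened already.

```javascript
// Added example with constructed data: policy checks on a decoded
// BrowserID-style certificate payload, applied AFTER its signature has been
// verified against the issuer's published key. Field names are assumed.
const FALLBACK_IDP = "login.persona.org";     // fallback issuer named in the thread
const MAX_LIFETIME_MS = 24 * 60 * 60 * 1000;  // assumed upper bound for "hours"
const CLOCK_SKEW_MS = 2 * 60 * 1000;          // assumed tolerance

function emailDomain(email) {
  if (typeof email !== "string") return null;
  const at = email.lastIndexOf("@");
  if (at <= 0 || at === email.length - 1) return null;
  return email.slice(at + 1).toLowerCase();
}

// Returns a list of violations; an empty list means the payload passes.
function checkCertificate(cert, nowMs) {
  if (!cert || typeof cert !== "object") return ["malformed-certificate"];
  const problems = [];
  const domain = emailDomain(cert.principal && cert.principal.email);
  const issuer = typeof cert.iss === "string" ? cert.iss.toLowerCase() : "";
  // Only the email's own domain (through its /.well-known/browserid file) or
  // the fallback may vouch for the address. Delegation is not modelled here.
  if (!domain) problems.push("malformed-email");
  else if (issuer !== domain && issuer !== FALLBACK_IDP) problems.push("issuer-not-authoritative");
  if (!Number.isFinite(cert.iat) || !Number.isFinite(cert.exp)) {
    problems.push("missing-validity-times");
    return problems;
  }
  if (cert.exp <= nowMs) problems.push("expired");
  if (cert.iat > nowMs + CLOCK_SKEW_MS) problems.push("issued-in-future");
  // Without revocation, a long-lived certificate has to be refused outright.
  if (cert.exp - cert.iat > MAX_LIFETIME_MS) problems.push("lifetime-too-long");
  return problems;
}

const HOUR = 60 * 60 * 1000;
const NOW = 1700000000000; // fixed clock for the constructed samples
const alice = { email: "alice@example.com" };
const samples = {
  ok:       { iss: "example.com", iat: NOW - HOUR, exp: NOW + HOUR, principal: alice },
  fallback: { iss: FALLBACK_IDP, iat: NOW - HOUR, exp: NOW + HOUR, principal: alice },
  rogue:    { iss: "idp.other.example", iat: NOW - HOUR, exp: NOW + HOUR, principal: alice },
  stale:    { iss: "example.com", iat: NOW - 5 * HOUR, exp: NOW - HOUR, principal: alice },
  longLife: { iss: "example.com", iat: NOW - HOUR, exp: NOW + 720 * HOUR, principal: alice },
};
for (const [name, cert] of Object.entries(samples)) {
  console.log(name, checkCertificate(cert, NOW));
}
```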


Those are all great questions, indeed. I'll see if I can get people to answer them!


Since programmers and other tech workers still have difficulty understanding the details of Persona, this seems to be a clear PR issue. It's a lot like trying to convert normal people to Linux by telling them it's great and if they don't believe you they can read the source of the kernel. Not a very compelling defense.


We've got a lot more to offer than "use the source Luke" ;-)

There are tons of technical docs on our MDN page: https://developer.mozilla.org/docs/Persona

You can start with a high-level explanation of why Persona is different and awesome: https://developer.mozilla.org/en-US/docs/Persona/Why_Persona

From there, you can dig as deep as you'd like--we have docs to help with building an identity provider, integrating Persona into an existing site, even a list of pre-written open source plugins in a ton of languages/frameworks.

If none of that works, drop by #identity on Mozilla IRC and tell us our docs suck, so we can prioritize making them better.



