BuddyPress.org

Just to address JohnJamesJacoby’s first concern, that’s not how OpenID works. “Sniffing” ain’t allowed. Authentication takes place *not* on the new site, but on the old site, i.e., Google or Facebook, and the *only* thing the new site is getting in terms of authentication is an oAuth token saying “Google says you’re good, so I’m going to authenticate you, using Google’s token and whatever other information you and Google have chosen to give me.”

That means the new site gets NO password.

ZERO.

ZILCH.

Now porting other data, and concerns over privacy with regards to that? Well, it’s not using Google or Facebook’s data, it’s *porting* it, so, yes, I can see privacy concerns cropping up all over the place with that, and it is a little Wild West right now.

But that will get better over time. Somebody will think of a way to better secure your data, etc.

Incidentally the OLD way for porting data *did* have the new site capture your password, i.e., to import friends on Facebook, you had to enter your email and password for, say, gmail, and then trust that Facebook wouldn’t keep it but would only scrape the data from gmail *one time*…THAT is dangerous, and, thankfully, OpenID and oAuth (distributed social networking) is doing away with that bad practice.