31 May
Earlier this week, we asked of LiveJournal support,
Following recent news that Six Apart has decided to whitelist certain third-party servers for YADIS authentication, I wish to entirely disable YADIS for my LiveJournal account.
Could you please advise how I might do this?
Approximately four hours after submission, the question was placed in the webmaster section, effectively hiding it from public view. In the time between submitting the question and receiving a response, we found that it had been cited by the resistance. We have sent a copy of this article to the observant person concerned.
Almost 24 hours later, LiveJournal said (and all typos are in the original),
You can disable OpenID for your account by customizing your journal to remove the OpenID declarations in the <head> of your style. Unfortunately, we cannot assist you with this; you may wish to search for a tutorial on customizing your journal.
This is possible, but only for people who have defined their own S1 scheme, and currently have a paid account.
How to do it: Go to the Style edit screen, pick your main journal style, go down to the LASTN_PAGE section, and remove the %%head%% declaration.
Doing this will also break a lot of other things, including, but not limited to, removal from search engines, HTTP content type declarations, auto-discovery of your RSS feed, Friend-of-a-Friend data, and various JavaScript declarations. You may wish to review the content of the HEAD section before committing this change, and manually incorporate such elements as you want to include.
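One way to carry out that review, as an added example that is not LiveJournal's code or part of the original post: the Python script below reads a saved copy of a journal page, separates the OpenID and YADIS discovery declarations from the other HEAD elements, and lists what would need to be re-added by hand. The `rel` and `http-equiv` values are those defined by OpenID HTML discovery and YADIS; the sample page, its hosts and paths, and the names `HeadAudit` and `audit_head` are constructed for illustration.

```python
from html.parser import HTMLParser

# rel / http-equiv values used by OpenID 1.x/2.0 HTML discovery and by YADIS
OPENID_RELS = {"openid.server", "openid.delegate", "openid2.provider", "openid2.local_id"}
YADIS_HTTP_EQUIV = {"x-xrds-location", "x-yadis-location"}

# Constructed sample of a rendered journal page; hosts and paths are placeholders
SAMPLE = """<html><head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link rel="alternate" type="application/rss+xml" href="http://journal.example.invalid/rss" />
<link rel="meta" type="application/rdf+xml" title="FOAF" href="http://journal.example.invalid/foaf" />
<link rel="openid.server" href="http://provider.example.invalid/openid/server" />
<meta http-equiv="X-XRDS-Location" content="http://journal.example.invalid/yadis" />
</head><body></body></html>"""


class HeadAudit(HTMLParser):
    """Sort the start tags found inside <head> into discovery tags and the rest."""

    def __init__(self):
        super().__init__()
        self.in_head = False
        self.discovery = []  # tags that advertise OpenID/YADIS endpoints
        self.keep = []       # tags to copy by hand into the customised style

    def handle_starttag(self, tag, attrs):
        if tag == "head":
            self.in_head = True
        elif self.in_head:
            a = {k: (v or "").lower() for k, v in attrs}
            hit = (tag == "link" and set(a.get("rel", "").split()) & OPENID_RELS) or (
                tag == "meta" and a.get("http-equiv") in YADIS_HTTP_EQUIV)
            (self.discovery if hit else self.keep).append(self.get_starttag_text())

    def handle_endtag(self, tag):
        if tag == "head":
            self.in_head = False


def audit_head(html):
    """Return (discovery_tags, other_head_tags) for one HTML document."""
    parser = HeadAudit()
    parser.feed(html)
    parser.close()
    return parser.discovery, parser.keep


if __name__ == "__main__":
    found, rest = audit_head(SAMPLE)
    print("discovery tags still present:", found)
    print("head tags to re-add by hand:", rest)
```

Run it against the page before the change to collect the elements worth keeping, and again afterwards: an empty first list means the journal no longer advertises an OpenID or YADIS endpoint in its HTML.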
If you are using an S2 scheme, it is not possible to disable OpenID. The declaration is contained in a function print_head(), and the contents cannot be amended by the user. It's a very poor kettle of fish.
But let's finish with an underlying reason why YADIS is a phisherman's phriend. It is far too open to abuse. We don't think that it's worth anyone's time, and if this advice saves someone from having their identity compromised, we will sleep a whole lot more easily.
This post was significantly revised on 5 July 2007; the previous version was almost completely inaccurate.
We finally managed to test this method in March 2008, and confirmed that it worked as planned.
