> I don't understand this. Presumably there's nothing stopping Website X sending both: a) my email address; and b) Website X's URL.
Yes, but there's nothing stopping them from doing that today. Persona doesn't help you if the site you sign into can't be trusted with the identity you give them. But nothing requires you to give them your normal e-mail address - you could just use throwaway if you find that a concern.
This is not what Persona tries to fix.
Persona is single sign-on where the identity provider does not know which site you sign in to, unlike current solutions where e.g. Google, Twitter or Facebook knows where you sign in whether or not the site you sign into is trustworthy or not.
Yes, but there's nothing stopping them from doing that today. Persona doesn't help you if the site you sign into can't be trusted with the identity you give them. But nothing requires you to give them your normal e-mail address - you could just use throwaway if you find that a concern.
This is not what Persona tries to fix.
Persona is single sign-on where the identity provider does not know which site you sign in to, unlike current solutions where e.g. Google, Twitter or Facebook knows where you sign in whether or not the site you sign into is trustworthy or not.