Yeah good point but I also think the information is a security problem, for example the attacker hacks the OpenID account and now has their username and password as well as known IP addresses of the user.

I thought I would contribute something I have learnt about Verisign.

I have noticed that Verisign allows users to delete the records of logging in history.

Hence if someone where to break an OpenID login they could cover there tracks and hide any signs of an attempted breach.

Looking at MyOpenID they have the history read-only.

You need to login to the Verisign service before executing the POC.

*NOTE* The trusted sites should be deleted in your Verisign account for the POC to display correctly. I would make this easier but I don’t currently have time to modify the poc.