> If I understand it correctly, Persona will give [identity services like Gmail] more direct control over user's identities.
No, Gmail already has that control. Almost every website out there allows you to reset your password by sending you an email. If you control the user's email, you can change their passwords. Persona changes nothing in this regard.
1. Right now, Gmail has only as much control over accounts as individual website developers give it. It's up to us to implement alternative password reset system and make them the default. Any website can (and in my opinion should) switch to something else at any time, because, firstly, password reset system is decoupled from core authentication mechanism and, secondly, it is under web developer's control. Mass adoption of Persona will change this problem from locally solvable to unsolvable. If this becomes the authentication standard (which seems to be the project's goal), you will have to trust user's email provider.
2. Right now, Gmail can reset your password, but it cannot silently authorize someone else to use your account without you knowing. It seems (and correct me if I'm wrong here), that with Persona such scenarios will become possible.
1. You're comparing Persona to an imaginary world where most websites don't rely on email providers to prove authentication. I'm comparing Persona with the actual situation where people use the same password everywhere. Persona isn't perfect, but it is much better than what the vast majority of websites use, and it allows even better methods to be implemented where needed. Furthermore, Persona is more usable, and therefore more attractive and more likely to be deployed widely.
2. Yes, it can. It can delete password reset notifications. If the notification contained the password in plain text, then there would be no easy way to find out whether Gmail logged in to your account on X. If the notification contained a password reset link, there is a possibility that the user would subsequently discover that their password was no longer accepted on X. But given that most users use the same password everywhere, Gmail already has a huge potential for evil, as it could just use the passwords it has already collected. Users that worry about Gmail can use an alternative email provider or their own, after all, email and Persona are both decentralised. Website developers that worry about Gmail can use other authentication methods on top of Persona, such as in-house two-factor authentication.
tldr; if Gmail is evil, both Persona and current systems can't stop it. If that worries you, use your own email server, and use other authentication methods on top of Persona on your websites.
You're comparing Persona to an imaginary world where most websites don't rely on email providers to prove authentication.
I'm comparing hypothetical mass-adoption of Persona with hypothetical mass-adoption of alternative password reset policy. It seems like a fair comparison.
Or another way to look at it is that you put the burden of choosing a responsible identity provider on the user. If the user chooses poorly they get owned, not you.
No, Gmail already has that control. Almost every website out there allows you to reset your password by sending you an email. If you control the user's email, you can change their passwords. Persona changes nothing in this regard.