The problem with persona is that it sends the same identifier to all websites (nominally your email address). That makes it super-easy for those websites to feed your activity to a central tracker like DoubleClick which will consolidate all usage information from all DoubleClick affiliated websites.
Persona would be a lot more privacy-preserving if it generated a unique identifier for each website. A "persona" for each website instead of one persona for the entire interwebz. Since the system is mostly automated it shouldn't be that hard to add one extra layer of indirection.
It might even be possible to shoe-horn it in to the current protocol with just a little bit extra on the browser and identity provider sides, but no change on the website code.
If anyone has actually done that, please post, I'd like to hear about it. Availability of that functionality would sway me to start using Persona and probably anyone else who is worried about spreading their email adddress far and wide across the internet.
Persona isn't a panacea. If websites collude, and you use the same address on each site, then they'll be able to correlate their user tables.
That's identical to the status quo, and fixing it is not one of Persona's explicit goals.
We're very consciously trying to hit a pragmatic middle ground that moves the web closer to user empowerment, without being so different as to hinder adoption. Consider: if you're already collecting email addresses for your users, you can immediately start using Persona without changing any of your assumptions about your data model. It's portable and it dovetails into current practices.
However, it is technically possible to do what you want right now, so long as you have your own domain and write a small browser extension. Longer term, we're currently working with a partner on a possible extension to the provider protocol which would make it easier to implement that sort of "directed identity."
To be fair, this is not really Persona's responsibility. Pre-Persona, if you used the same email address on every signup, you already enabled this sort of tracking. With Persona, you'd have to take the same precaution of having multiple Personas if you wanted multiple personas :).
Also some people do want a single identity for the entire Internet, or at least a lot of it. Many people use the same real-name identifiers on HN, Github, LinkedIn, etc. professionally.
Persona would be a lot more privacy-preserving if it generated a unique identifier for each website. A "persona" for each website instead of one persona for the entire interwebz. Since the system is mostly automated it shouldn't be that hard to add one extra layer of indirection.
It might even be possible to shoe-horn it in to the current protocol with just a little bit extra on the browser and identity provider sides, but no change on the website code.
If anyone has actually done that, please post, I'd like to hear about it. Availability of that functionality would sway me to start using Persona and probably anyone else who is worried about spreading their email adddress far and wide across the internet.