June 9, 2013

Few things in web development in recent years have excited me as much as Persona. It's no less than a revolution in terms of how easy it is for users to sign up for new websites and log in. The fact that it also makes authentication and user handling easy for web developers is an added bonus (check out my sample code for Persona integration).

There is one problem, though: The recent PRISM scandal has confirmed many people's fears that US government surveillance is extremely extensive and is not limited to a small group of potential wrongdoers. The question is whether Mozilla can allow Persona (both the legal entity behind it and the servers involved) to stay in the US.

I have absolutely no reason to distrust Mozilla (otherwise I wouldn't recommend Persona). But it seems that, if the US government is able to not only access large amounts of private data but also order the companies involved to deny this fact, then every assurance of privacy that Persona provides is basically worthless, even if Mozilla tries their best to protect their users.

The worst-case scenario is one where Persona is integrated on a large number of websites (let's say 40%), and the NSA suddenly decides it wants Mozilla to hand over detailed information about Persona users.

Then the NSA would have access to basically 40% of a user's browsing history, including URLs, the email address used, and time of visit. Persona doesn't store personal information other than the email address, but any email address can easily be tied to personal information.

So should you, as a website owner, use Persona? I think so - it's too good to ignore - but I also think that if Mozilla really wants Persona to succeed, they should move it to another country with better privacy laws.

Otherwise Persona risks suffering the fate that OpenID did (very little adoption) - which would be a shame, because Persona is everything OpenID wasn't: It's both extremely user-friendly and developer-friendly.

