simonwillison


15 years ago @ materialsdave.com - Social conferencing wi... · 1 reply · +2 points

Thanks for trying out Lanyrd. We're using Twitter rather than Facebook or LinkedIn mainly because Twitter has the best support for "follow" relationships. I don't necessarily want to hear about conferences attended by my co-workers (LinkedIn) and personal friends (Facebook) - I want to go to the same conferences as the people I respect, who may have no idea who I am. I can follow someone on Twitter without them needing to follow me back.

15 years ago @ Joe Gregorio | BitWorking - 140 characters isn't ... · 2 replies · +2 points

Deleting your Twitter account would play havoc with your Lanyrd profile http://lanyrd.com/people/jcgregorio/ - I should probably figure out a way of dealing with that... :/

16 years ago @ drstarcat.com - Why an OAuth iframe is... · 1 reply · +1 points

You're right that redirects alone aren't the answer - OpenID has suffered from this same phishing problem for years; any time you have an untrusted site that's meant to redirect you to a trusted one, there's potential for trouble.

In the long run, the solution lies with the browsers. My browser should understand OAuth (and OpenID) and provide un-spoofable chrome confirming that I'm on the correct site.

That's another argument for sticking with the redirect though - if sites are using the redirect, browsers can start adding their own level of protection and it will Just Work with existing OAuth deployments.

16 years ago @ drstarcat.com - Why an OAuth iframe is... · 5 replies · +2 points

Posted a bit more about this here: http://simonwillison.net/2009/Jul/16/responsibili... - including a call for OAuth providers to add frame-busting JavaScript to their authorisation pages.