@w4rner There’s nothing to trust with IndieLogin.com. If I recall correctly it’s just implemented IndieAuth, so it’s going to take your URL as an input and doublecheck that you’re actually logged into your own account before allowing you access to the service. It doesn’t take or use your password in any way and you can revoke your login at any time. It’s an extension that’s built onto OAuth 2.0, so it’s really no different than using something like your Twitter or Facebook account to log in, but in this case you’re using and hosting the technology with your micro.blog site (or really micro.blog is doing it on your behalf.)