It's fully distributed because the identity provider is your email domain. When [email protected] logs in, gmail.com could be the only server that the system interacts with! This is described here: https://developer.mozilla.org/en-US/docs/Persona/.well-known... Gmail may or may not choose to become an identity provider. That's ok too. In that case, a secure Mozilla server (with a sane privacy policy) will broker the email verification instead and thus can vouch for the user's identity.