Posted October 28th, 2005 There’s a hole in the web
The web has a hole in it. That hole is shaped just like me. Anyone, with sufficient time and desire, could find the scattered bits that make up my composite identity and pour them into the hole. Between Google, Zabasearch, Technorati, del.icio.us and others you could fill the me shaped hole in the web.
But then again, I can do the same with the you shaped hole in the web.
And if we can do this with free or nearly free tools, just imagine what you can get with a little cash and some research. (Maybe this thought ought to be titled, “How I learned to stop fearing Eschelon.”)
So how can I prevent you from filling the me shaped hole in the web? I could attempt to change the shape of the hole. The problem is that in order to do that I have to change myself. Since this isn’t a self-help blog and we really don’t have time to delve into the vast array of my quirks, let’s move on to another approach. What if I could somehow generate more scattered bits about me than could fit in the hole? More me than is really me? If I could flood the usual channels with bogus identity information that was close enough to me to fool systems that you use to triangulate me and fill the me shaped hole, then I could make it impossible to tell the bogus bits from the real ones. You couldn’t be sure that you really filled the me shaped hole with real me bits. (By the way, I am in no way endorsing some sort of strange identity-based breakfast cereal… Me Bits, Now with more self-asserted claims!) The best place to hide something is in plain sight. Continue reading "A me shaped hole in the web and other thoughts from Internet Identity Workshop 2005"...
Posted October 27th, 2005 Overall, I am really enjoying this workshop. It serves as a great high speed primer for a variety of identity issues and technologies.
Some highlights from the presentations so far:
Doc Searls – Identity in the marketplace: The Rise of Fully Empowered Customer
It’s always good to hear Doc give a talk. His belief that the web is a marketplace, a place for business and culture definitely has a Diamond Age feel to it. His example of customer freedom from vendor CRM shackles is an interesting one. Though his example of renting car is certainly valid and demonstrates the reverse nature of our world today, I’d love to get the vendors’ perspective on this. There are a few people from Yahoo in the audience and I am sure that they have some strong opinions about the freeing of identity.
Brad Fitzpatrick – OpenID
Brad put on the best show of the day, by far. It was a very Dada affair full of self-criticism. It was a simple talk about how OpenID works and why it does what it does. A simple tool for a specific problem… frickin’ brilliant. OpenID is a way to prove you own a URL using an identity provider you trust. Fairly simple. I sat there wondering why, when we see a simple solution, we say, “That’s all it does?” Why is it that we seem to always want some grandiose solution to a massive problem. What happened to elegant, simple solutions to problem? For that matter, what happened to problems that can be expressed in a few words and not an onslaught of slides? Continue reading "Thoughts on the Internet Identity Workshop 2005 Day 1"...
Posted October 26th, 2005 So I am sitting here at the Internet Identity Workshop and so far, I’ve been impressed with the quality of the presenter. (I’ll have more on that later.)
I was chatting with Dale Olds from Novell and came across the following thoughts. With the rise of the empowered user, as Doc Searls speaks of, we may be facing a major downside. These concepts of user-centric identity are great… if the user actively manages their identity. What happens when this empowered user isn’t actively managing his or her identity? It seems to me that an inactive empowered user’s identity is equivalent to an unpatched Windows machine. Without actively managing my identity, it becomes a great target for not nice people to do not nice things.
If we elevate identity to the same status as a domain or device, then we elevate the responsibility of the identity owners. I, as an identity owner, have to maintain that identity: update privacy choices, update demographics, geographic information, etc. I would say that maybe, just maybe, 5% of the overall web population actively maintain their identities. My grandparents, for example, are not part of that 5%. So of the nearly 1 billion web users out there, there are literally hundreds of millions of identities which will not be actively maintained. An unmaintained identity is a prime target for not nice people just as an unpatched machine is a prime target. Continue reading "Identity as an unpatched device"...
Posted October 20th, 2005 Thinking of that Buddhist koan, “If you meet the Buddha on the road, kill him,” I realized it is relevant for identities as well.
If you met your identity, would you recognize it?
When I register at a site I usually use the same username. It helps keep the catalog of things I have to remember to a manageable number. I always get concerned when my choice in username is taken. My first thought is, have I been here before? Did I already register? If so, “who” did I register as? I start scouring through offline emails trying to figure out if I saved the registration notice. 9 times out of 10, I haven’t. The next option is hoping that the Keychain or Password Manager grab the credentials for me. If the site’s login didn’t get prepopulated there’s little chance either repository of has what I need. This leads me to the annoying process of having to register with a different username which I am definitely bound to forget.
The first problem is that recognize my identity based on a login on a site. This is clearly a weak way to link me to the services I want to access on that site. Continue reading "If you meet your identity on the Internet, kill it"...
|
|
what others say