Identity / Profiles / Trust

As I know so many people whom I both like and respect but who are also very keen on Open ID, I've been reluctant to carp (and it could just have been me who found it hard going), so I'm glad someone else has come out the closet on this.. Jan Miksovsky logs most of the issues I came across and many more, and his conclusion roughly matched mine:

For the time being, I can’t imagine a sane business operator forcing their precious visitors through this gauntlet of user experience issues just for the marginal benefits that accrue to a shared form of ID. I've read numerous claims that all it will take is for someone big like Google to support OpenID to crack this problem open. Unfortunately, there's no business of any size that can afford to direct their traffic down a dead end.

In short, if it's fiddly for a tech tart like me, its not going to fly with the mass market. Jan offers a good list of proposed solutions. I'd like to second them otherwise this idea of an Open ID, which I support, will wither away.

1. Redesign the OpenID home page for consumers. The page's main content should contain a brief explanation of OpenID in consumer-friendly terms, along with a giant Get an Open ID button. Move all the developer material behind a Developers button.
2. Design an end-to-end process for getting an OpenID from a service operator's site. Since most services won't care which provider the user uses, let these services send the user into a real flow for picking a provider, getting an ID, and most importantly coming back to the original service to use the new ID. When they get back to the service, the new OpenID should be prefilled.
3. Give the above flow a sidebar titled "Do you have a blog?" that explains that, if they have a blog on LiveJournal, TypePad, etc., they can use that for their OpenID. A link in the sidebar should shunt the user into a page that has them pick their blog provider, then tells them what the (blog service dependent) form of their OpenID is. The flow should then return the user to the service they started on (again, with their OpenID prefilled).
4. Organize the list of providers around factors that can actually influence a user's decision. Consider offering provider ratings based on ease of use, uptime, etc.
5. Refine reference designs for the complex range of cases that come up in using OpenID with a service. E.g., define the expected behavior and terminology that should be used when a user tries to log in with an OpenID but does not already have an account with that ID.
6. Define guarantees that services should offer to users in the event their OpenID provider goes out of business.
7. Build an organization that can do real usability testing on this service with real consumers.

Not at all surprised to read about Facebook getting its code hacked over into the public domain (see this report in New Scientist) - as we have argued before, sites like these are hackers' paradises and there are way more mathematicians outside than in. NewSci makes the same points well and also quotes our favourite cryptoguru Bruce Schneier, so even if you don't believe us....

Anyway, to quote NewSci:

The reason the leak is concerning is that, by studying the leaked code, a canny computer hacker might be able to figure out some critical security vulnerabilities and thus gain access to tonnes of personal information.

Having the source code is not the same as finding a vulnerability, however, so I don't think there's much cause for alarm right now. On the other hand, the story raises two important and worrying issues.

The first is that social networks place an awful lot of personal information in one location, raising the risk of identity theft - as several security experts have already warned.

The second point, which is connected to the first, is that social networking services are becoming an ever more enticing target for computer hackers. Only last week we ran a story about a computer expert cracking into MySpace accounts.

Eggs, Basket and all that......

Increasingly when we think about Identity (being the paranoid people we are) we like to think about it being dispersed, hidden, and hardened against attack. I was asked to talk at Mobile Monday last week on the issue of mobile Identity, and noted we could call our approach the "Voldemort Horcrux Gambit" - anyway, that seems to have gone down quite well judging by the comments I got afterwards, so we offer it as an analogy here for you, gentle readers.

From Wikipedia:

A Horcrux is a "receptacle in which a Dark wizard has hidden a part of his soul for the purposes of attaining immortality." With part of a wizard's soul thus stored, the wizard becomes immortal so long as the Horcrux remains intact, typically hidden away in a safe location. If the wizard's body is destroyed, part of the soul remains preserved within the Horcrux.

Words like Intact, Safe and Hidden are to the point here. Furthermore...

There is no apparent restriction on the nature of the items that can be made into a Horcrux. Inanimate objects are usually used, but a living organism can also be made into a Horcrux. There also seems to be no limit on the number of Horcruxes a wizard can create. However, as the person's soul is divided into progressively smaller portions, he loses more of his natural humanity and his soul becomes increasingly unstable

In that respect they behave much like federating identities - more is safer but is harder to maintain. Voldemort believed 7 was the magic number but inadvertently made 8 (and look where that got him). And finally. a salutary lesson:

In his arrogance, Voldemort dropped subtle hints about having created Horcruxes to his followers. Having overheard one such boast, Regulus Black guessed correctly that Salazar Slytherin's locket was a Horcrux and sacrificed his life to retrieve it

Now, one may think that this is only relevant to Evil Wizards, Corporates and other mobsters with a need for high security, but people would do well to think about the rise in (i) ordinary consumer identity fraud and (ii) the number of "lapses" like the Facebook one that have already occurred

So, can we offer probably the best bit of free consulting advice you will ever get this side of 2010 - if you are ever tempted to "let it all hang out" on Facebook or whatever - don't. Build your own Horcruxii instead.

Interesting article on CNet arguing that competition is driving search engine companies towards ceding more privacy to their customers...

An analysis released Wednesday (PDF) by the Center for Democracy and Technology concluded it's good news for consumers that Google, Microsoft, Yahoo, Ask.com and AOL pledged in recent months to amend how they handle user search data. That includes a person's queries, cookie identification number and Internet Protocol address.

"We see a stepped-up commitment to privacy from the companies, and we believe they are starting to see privacy as a market differentiator, and that, in fact, is starting to spark some competition about privacy," CDT Chief Executive Leslie Harris told reporters at a morning briefing here.

Excellent news it would seem...yet there would appear to be competition in the privacy lobbying game as well:

The Center for Digital Democracy, which has made a name for itself in assailing Google and Microsoft on privacy issues, was quick to blast the CDT's findings as failing "to address the wide-ranging privacy threat coming from the major search engines and their advertising clients." In a statement e-mailed to reporters, CDD executive director Jeff Chester charged that CDT "has long been an ally of the various data collection companies it purports to oversee on behalf of consumers."

And, following The Money...CDT, which bills itself as an Internet civil liberties advocacy group, acknowledged on Wednesday that it has received funding from all the main search companies except Ask.com.

Still, its all moving in a good direction.

Update - good summary of overall position here on this follow up article

I attended last Monday's Mobile Monday / Identity Society meeting dealing with Mobile Identity.

The session started with 4 presentations:

Jim Cray of Sun went through the Sun Identity Manager service, which I suspect most Identity fundis know well, but did make the interesting point that today customers want Identity as part of the platform, not an optional plug in. (We are seeing the same thing)

Dave Birch of Consult Hyperion talked about Identity as a Utility, and the need for an "endgame" vision of Identity that can help prevent abuses where people ask for far more data than they need (he gave the example of a nightclub that collected a lot of personal data just to establish whether people are under age.)

Dr Janko Mrsic-Flogel talked about the things Transport for London is doing in integrating their real time schedule data with people's mobile phones to give travellers a far richer view of the travel info and reduce travel stress. Most excellent! It uses Near Field Comms, so that was interesting too.

Ben Whitaker of Masabi talked about their new technology that allows 2 orders of magnitude better security over other 2-factor authorisation techniques, and to massively reduce the "man in the middle" effect. It is a creative approach, so good luck - but man in the middle attacks are a very persistent issue....many have tried before etc etc

I was speaking on the Q&A panel along with the above worthies (we have done quite a bit of client work in the Trust / Identity area, and here are some other blog posts), and Ajit Jaokar, chaired by Luke Razzell of the Identity Society, who had kindly invited me. Luke asked us what we thought the major opportunities, disruptions and threats for mobile Identity. Ajit and Dave have already blogged their take, so here's mine:

Opportunity - merging the multiple sources of Identity we have, and also allowing us to federate our own - the "Lord Voldemort Horcrux" strategy
Disruption - people understanding the value of their identity and taking control of it rather than going down the passive consumption path - would hurt quite a number of well laid business plans...
Threat - early Identity abuse from commercial entities, taking advantage of early day ignorance of users destroys trust in network based Identity services

There were two areas that took a lot of discussion in the Q&A:

- Whose Identity is it - if I give you my phone number on your mobile, is it yours to distribute as you will, or no?
- Social Nets and "Letting it all hang out" - is this the "new way" we live our lives, our just (mainly youthful) naivete*.

These two debates lasted well into the apres-event drinks...................and will probably reverberate for quite a while yet,

*Postscript - these guys say its not an issue (but then they would, the study was funded by MSFT and News Int'l among others - I think this is a long burn thing