It’s been a while since I blogged over here, the last few months have been intense adding new members to my team in the national security group. We’ve been working on some really great projects that I’d love to talk about but I’d have to kill you. There is something new on the horizon that I see everyone being set up for and needed to talk about it.
You may have noticed lately the push to verify / create your identity on everyone’s favorite social networking sites, twitter and facebook. Twitter is claiming that they take impersonation of people seriously in this blog post. However, in under a week of giving out these verified accounts people are admitting that their accounts were never verified. You make argue that people like Mike Arrington and Chris Messina are well known on twitter and they must be the real person behind the keyboard. No doubt that many of the people at twitter have met them in person, but that doesn’t bode well for the validity of this “verification” service.
Last night facebook launched their vanity urls to the public. No longer to you have to put in a long profile ID to find me on facebook, now its as simple as typing http://www.facebook.com/matt.topper. Some interesting ones have already been taken. Within 15 minutes launching last night 500,000 people had already claimed their vanity url. Meaning that over half a million people decided to spend last night in front of a computer to get a unique name on a social networking site. So what does this have to do with a race for your identity? I have a theory that within the next 6 months we will see both Twitter and Facebook in a race to become the defacto OpenID providers for the web. Google, Yahoo, and AOL have all launched OpenID providers that use your existing accounts, but none have provided a compelling reason to use them. Myspace also launched their openid provider earlier this year, but again, failed to catch on. There are plenty around the web.
First I should explain what OpenID is. OpenID provides a lightweight federated single sign-on interface to your accounts across the web. In simple terms, you can sign on in one place and never have to log into another site again. This centralizes the authentication of your accounts across the web and helps determine what personas you portray across the hundreds of sites you may access. Interested in a more in depth description? Check out this wikipedia entry.
I would guess that a good percentage of users check Facebook or Twitter long before they check their email every morning. If they could offer you a service that you log in once with them to start the day and never have to log in again why would you chose anything else? Also, if you wanted to sign up for a new site they would allow you to share your profile / persona information with the new sites instead of filling out a lengthy form and it would update those sites with any changes to your info automagically the next time you logged in. Sounds great doesn’t it?
It sounds like a great service to me, I can’t wait, but why would Twitter and Facebook want to provide this to me? Wouldn’t it cost them money? One of the things that I’ve been discussing for years is a trust model on the Internet. When a crisis comes up who do you know who to trust on the web. If I have a problem with my GTO I go to ls1gto.com and do some searching to find who the top users are and might send them a message with my problem to see what they know. But what happens in a crisis situation when I’m monitoring twitter feeds when a hurricane comes through Florida. I can easily set my location on any of these services and act like I’m the middle of the action. What separates me from being Joe Schmoe and a retired PHD meteorologist who lives in the region. If I want an account of what things are like I’d probably want to pay attention to the tweets of the retired PHD.
Lets keep exploring why they want this info, it’s really powerful stuff. First they have a list of the people my “friends.” Twitter has a distinct advantage here. They actually know who I influence and who influences me. Through my long term tweets / status updates they know what I care about and what I am an expert on. Now if they know the sites I visit they have the ultimate revenue machine on me. They know my identity, they know my likes, they know my demographics, they know my friends, they know what sites I visit, and they know what sites my friends visit. Now they can very accurately target me for potential sites / products that I should be going to. It’s truly a world of “He who owns the data wins.” Once they have all this information on the books they really own the world.
I have my own concerns with OpenID and having one place to “hack” to get access to all my sites. I think any reputable provider will need both strong authentication and risk assessment added to their solution before I trust my identity with them. To be honest I think they US federal government should start their own trusted / verified OpenID provider but thats a topic for another post. (It’s already working in Estonia) Before I scare everyone with that topic, what do you think? Are Twitter and Facebook trying to be the de facto standard for your authentication and access information on the web? Or are they introducing new services to help their userbase identify with one another? Sound off in the comments, I’ll be looking forward to them.