Internet Identity Workshop: An Open Alternative To Facebook?

I spent Tuesday at the Internet Identity Workshop at the invitation of Kaliya Hamlin. I met Hamlin a couple of years ago while working on another conference, and had some fascinating discussions at the time about the Semantic Web and the future of news.

Hamlin was named by Fast Company last year as one of the most influential women in technology. She’s the organizer of numerous un-conferences around the valley. But in this case, she was being recognized for her co-founding and ongoing role in the Internet Identity Workshop. Started five years ago, the group gathers twice each year and was holding its 10th conference this week at the Computer  History Museum in Mountain View.

The subject of identity on the Web is especially timely right now with the controversy swirling around Facebook. The social media giant wants to essentially be the main repository of your online identity, and allow you to carry that around the Web with you. There are a lot of benefits to that, but there are also reasons to be wary. The folks at the workshop are developing more open alternatives.

What’s at stake here? As Hamlin frames it on her blog:

“The issue at hand is fundamentally about FREEDOM: the freedom to choose who hosts your identity online (with the freedom to set up and host your own), the freedom to choose your persona – how you present yourself, what your gender is, your age, your race, your sex, where you are in the world.”

So I stopped by the workshop for a few hours to sit in on some sessions and talk to Hamlin about the subject of identity on the Web. It was a great conversation, so let me summarize some of her thoughts. And at the end, I added a copy of her presentation that kicked off the three-day gathering.

From my view, one of the appealing aspects of Facebook, the now defunct Facebook Connect, and the new Open Graph, is the ability to centralize your identity on the Web, and then carry it around with you wherever you go online. That’s a big win for consumers. It’s simple, and it’s easy to use.

The emergence of the social Web has been transformative, but frankly, it can also be a pain the butt. As each site becomes more social, you have to register, create a profile (which becomes your identity), and then re-gather all your friends (or make new ones). Then you have countless social networks to remember and manage. Facebook has offered to solve this by becoming the center of your online identity. And in the process, it has taken a step toward becoming the central nervous system of the Web.

But: In ceding this role to Facebook, there is no question that we are making a deal with the devil. In exchange for the increasingly seamless social experience, we are giving enormous power and control to Facebook. By turning all of our personal information and identity over to Facebook, we are subject to the company’s whims and policy changes. And once you’re in, it’s hard to get out considering that Facebook is closing in on 500 million users.

Just what are the pitfalls of the Facebook-centric identity system? Hamlin raised three big issues:

  1. Multiple identities: Facebook expects you to have a single, authentic identity. People who have used fake names have had their profiles taken down. But Hamlin said we all have different aspects of our identity and personality. She noted that in some technical listservs, she knows women who pose as men because they want to avoid harassment. Creating alternative identities or false ones is difficult to do with Facebook. “It’s an essential freedom on the Interent to have different personas, to be someone else,” Hamlin said. “Facebook makes that harder to do.”
  2. The Internet is not vanilla: Hamlin says we don’t necessarily want to gather all of our activity in one central place where it can be shared with everyone. There is some activity we want to share widely, but some things we want to keep closer to the vest. Facebook allows various levels of privacy for different content, but it’s still too easy for people to see who you are friends with and deduce certain things about you. “People have mental health issues. They have illnesses they don’t want to share with the world. They have stuff in their lives that they don’t want to share with everyone else. And it’s naive to think you’re going to link all that stuff together,” Hamlin says.
  3. Changes: Facebook keeps changing its rules and terms of service and privacy settings. That’s not fair or respectful of people who have invested time and resources in uploading information about themselves under one set of rules than suddenly discovering its subject to different rules. “They keep expanding the amount of information that was being shared without any warning,” Hamlin says.

So what’s the alternative? Is there a way to get all the benefits of the social Web without turning over all that power to one entity?

Hamlin says yes, and the workshop, and related organizations that have grown out of it like the Open Identity Exchange and the OpenID Foundation have made a lot of progress developing the protocols and tools needed to create a more distributed form of identity, one that is built and controlled by the user rather than a single corporation. And she also notes that Facebook is part of many of these organizations and has taken steps to join this conversation by hiring folks like David Recordon who are long-time open identity advocates.

Hamlin is hopeful that these efforts are steps toward making Facebook more open. “Whether they’ll let you port all of your data out of Facebook, well, that’s another kind of open,” Hamlin says.

But the biggest challenge for open identity going forward is the issue of usability. Facebook is great because it’s simple. My mom uses Facebook. No tutorials needed. But services on the open Web tend to be developed by engineers who don’t have a good grasp on usability in the way Facebook or Apple does. So while those two companies are dinged for being too closed, the are popular with the mainstream because of their design.

Hamlin said bringing in that design mindset is an important next step for the open identity movement.  I agree. That may be the key to bridging a more open social experience to mainstream users. With folks growing anxious over Facebook’s power and thinking about issues like identity that were once relegated to inner geek circles, this could be a big moment of opportunity if the open identity movement can seize it.

Finally, here’s Hamlin’s presentation:


Tags: , ,


Share this Post

  • Time to jump ship – I’m fed up with all the dubious privacy policy changes right under our noses. I’ve moved stuff over to which is new but doing a good job of keeping my details private. Worth a try!

  • “The issue at hand is fundamentally about FREEDOM: the freedom to choose who hosts your identity online (with the freedom to set up and host your own)”

    Actually I tend to disagree with her. Just imagine how useful will it be for spammers to host their own identity. Websites will respond by blocking all such providers and only trusting the big players like facebook and google (which is the current situation actually).

    I agree that an open alternative to facebook is badly needed but not a distributed form of identity. The way I see it is that we need a single identity provider (just like facebook being a single identity provider) that’s not controled by any company. A non-profit foundation with the sole purpose of working as an identity provider. You might think this is bad in comparison to a distributed identity but the truth is identity is controlled by a handful of companies (the big players) and will always by like that.

    Facebook Connect succeeded for a reason, which is the user experience. Now compare this to OpenID and you realize why OpenID failed. Users need ‘one button’ to click on. One button called ‘Sign in’, that’s it.

    What we have now is user interfaces with way too many buttons, one button for each provider. How convenient is this for the user? Webfinger can make it a little easier but it has its serious drawbacks, like forcing the user to enter their email twice. It will also make email harvesting a lot easier than before.

    We already have aspects of the internet being controled by single entities, like IANA and ICANN, and we have very successful open projects, like, why not an open identity provider? It makes perfect sense to me. One provider with one user interface. Eventually, it should work with browser makers to integrate the sign-in experience right into the browser.

    I already registered the domain name for the project which is called (Sign Me In). I think the name will make it very easy for the users to understand the idea, which is exactly what’s needed for the user experience. There are many details involved, of course, but I won’t discuss them here for the sake of brevity.

    May be I’m too optimistic but actually I believe this could work if enough people support and work on the idea. If you find this interesting and you’d like to join in, please do and we could start discussing the details. If you believe this won’t work, I would very much appreciate the feedback.