Do you trust your identity provider?

In a comment to my post yesterday, dsr brought up a very good point: trust in identity providers.

Consider — at the moment, the vast majority of users aren’t even thinking about this, but they’re buying into this brave new identity world by default.  They don’t care about “unified identity” or anything like that: they’re just enjoying the fact that OpenID and Facebook Connect allow them to remember fewer passwords.

Yet this casual decision, of using your Facebook or LiveJournal or whatever account to log into other systems, may have profound effects down the line.  If you use a single identity more and more, across a broad swathe of the Net, it becomes you in some very important ways.  The possibility of losing that identity, or losing control of it, becomes ever-more painful and problematic.

Pseudonymity actually makes this much worse.  When you are known by your real name, you generally have multiple avenues for getting the word out if an identity goes away — if this email address croaks, you can go to your friends face to face and tell them.  But if you are only known to a community through a specific online pseudonym, moving to a new one is kind of problematic, since they don’t have good ways to verify the move.

There is a lot of implicit power being handed to these identity providers.  Millions of people are beginning to use their Facebook login as their One True Online Identity.  That gives enormous power to Facebook — indeed, it’s probably the one thing that justifies their preposterous stock valuation.  And few have given any thought to what it might mean to them if, a few years down the road, Facebook were to start slowly making use of that power.

So — do you trust your identity provider?  It’s pretty clear to me that I don’t trust any of the major ones very much — are there lesser-known companies that are structured in ways to make them less likely to be abusive?  And which are stable enough?  That’s the flip side of the problem: you need to trust your provider to not become evil, but you also need to trust it to keep your identity running.

It does all lead me to wonder if there’s another step yet to come, of a more robust, truly distributed identity system, that would not leave your identity in any single hands.  Hmm…

4 Responses to “Do you trust your identity provider?”

  1. Joshua Kronengold Says:

    I’m a semi-paranoid person in this respect — if I were really to rely on an OpenID, I’d set one up on (which I, you know, own) and use that. That said, most people aren’t — to do this right, you’d need a non-profit (or coop) organization set up to handle identities and nothing but identities.

  2. Justin Says:

    I wouldn’t even necessarily trust a non-profit — the difference between for-profit and non-profit isn’t as great as people think, and non-profits can still do questionable things. There are plenty of non-profits whose decision-making structure is very insular and subject to Great Dumb.

    But I agree that something with a co-op structure, that is truly accountable to its members and has a clear charter in such matters, might work decently well…

  3. Chad Says:

    I’ve been mildly paranoid over long term application availabilities for a long time, which is why I’ve usually opted to run things myself. My own web pages, blog, email account, OpenID provider, even my own Jabber server, although that one was a ‘heck, why not’ option. In a few cases, I’m willing to trust a third party when its interests and mine are very closely aligned; I no longer host off my own box because a hosting company can do a better job, and they’re in the business of uptime and reliability, so I can trust them to want to provide infrastructure. I almost trust Google fully with my calendar, some of my email, and some of my documents, because they’re in the business of providing those services, and there’s a tangible revenue model for them in keeping the services operational.

    Identity? That one is a lot harder. If I lose some email, I’ll survive. If my calendar gets shared inadvertently, I won’t likely be hurt. If access to all my various web services gets handed over to a hacker, then I’m mightily pissed.

    Might I eventually trust someone else? Maybe. They’d have to work very hard to earn the trust, and they’d have to be easier than doing it myself. To be blunt, OpenID was designed to make it easy to do yourself, so that’s a huge barrier to my adoption of a third party.

    Distributed is an interesting idea, because even running it myself I have minor quibbles about losing control. My identity and my reputation, socially speaking, are already distributed or federated across the services I use – I have identity on LJ, but also on twitter, for instance, and depending on who is reading me, it can be a non-overlapping, or partially-overlapping identity. Why not distributed identity authentication as well?

    Actually, in theory, I could have that with OpenID. Just because I run my own provider doesn’t mean I couldn’t _also_ use others, but there needs to be some way to connect them together, in a way that would be recognized at the provider level and the service level. I know of one webapp ( that allows an account there to be associated with multiple OpenIDs, but that is only a service-level solution.

  4. dsr Says:

    I think the idea of a cooperative to provide identity services is a good idea. Not to save costs, or to simplify things, but to provide a trustable “mixmaster” behind which stands a group of people who can be relied on not to screw each other over or hand over information to the FBI without a subpoena. Not having information to hand over is useful, too… running services without logs of who queried what.
