I hate the idea of Passport. I don’t want anyone knowing everything (anything?) about me. But for a certain, large percentage of users, a centralized online identity may be appealing. I manage a few mailing lists and subscribers’ email addresses change frequently. Surprisingly few people own permanent, personal domain names like bruceepstein.com. For people whose primary web access is through their employer, or novices who don’t understand that they can’t keep their AOL email address if they leave AOL, a stable identity server might prove attractive.
Defining one’s online identity is elusive. Few people present themselves as 3D avatars on a daily basis (although I know several women who intentionally go by androgynous names online). We’ve all heard of “identity theft” in which someone steals another’s credit cards or social security number. Are biometrics (fingerprints, retinal scans, etc.) the answer? Mike Loukides of O’Reilly points out that biometric security can be compromised, at which point, you’ll find it hard to change your retinal pattern or fingerprints.
So are we better off using our true identities or an abstraction thereof? Once our online transactions are identified with the abstraction, doesn’t the abstraction become our primary identity? For example, most of my professional colleagues know me primarily by my email address. To date, it is easier to change snail mail addresses than email addresses.
When the community becomes large, it becomes impossible to define ourselves solely by, say, our first and last names. However, there are drawbacks in abstract identities, like social security numbers, that can be stolen. At present, my favorite solution is an abstract identity whose particulars are under my control. For example, I prefer to use an online identity such as “email@example.com” because I am the owner of the zeusprod.com domain. I can change ISPs at will without having to change the face of my online identity. But most computer users don’t understand that they’ve created identities tied to their ISP, until the ISP goes belly up. Even those who understand namespaces might already have a vested interest in identities they don’t own (such as company email addresses). I haven’t used my AOL account in 5 years and I still get a few emails a year from old contacts at that address.
AOL, Yahoo, Juno, and HotMail realize the value of namespaces and many universities offer permanent addresses and free email forwarding for life to alumni. Many of my relatives and colleagues use university email addresses for both prestige and convenience. I’d prefer to preserve a modicum of anonymity, thank you. It is none of your business where I went to college.
What are your biggest concerns about managing your online identity?