Related link: http://my.yahoo.com/
Who owns your online identity? Do you? Most likely, you don’t — almost all Web sites that have a concept of identity do (and badly want to) maintain an identity profile for each of their users. At the end of the day, that identity belongs to them, not you. A note I recently received from Yahoo illustrates this nicely, and serves as a good warning for users of online identity systems.
I started using Yahoo when my friend Nelson Minar pointed it out to me in late 1994. In early 1996, when the company launched its excellent personalized site, ‘My Yahoo!’, I quickly signed up with the username ‘hedlund’, and My Yahoo became the page I used as a home page more often than not. Over the years, I have been happy with the services Yahoo provides, and I’ve extended my user account to use travel services, mapping tools, instant messaging, online games, movie listings, and other resources. Yahoo has done a great job of making their services more and more useful to me, and at the same time, incrementally building a larger and larger set of profile data on me. This was useful to me itself, and it seemed well worth trying the Yahoo version of some new service before any other, since it allowed me to avoid entering the same personal information again and again.
The other day, I found this in my mailbox:
From: Yahoo! Account Services <email@example.com> To: firstname.lastname@example.org Subject: Please change your Yahoo! ID Dear [user], We are improving our service by merging pools of user names from different countries into a global community. You'll get access to more people around the world through such services as Yahoo! Messenger and Chat. Unfortunately, you will need to choose a new Yahoo! ID, as there is another person currently using [user]. Your personal preferences will be saved and transferred to the new Yahoo! ID you select below. We apologize for the inconvenience this may cause you. [...]
The note went on to explain that Yahoo would transfer my personal data over to a new account, that my instant messaging buddies would receive a “change of address” notice for me, and that for the most part this name change would be smoothed out however possible.
When I wrote to complain, I received this in reply:
[...] We know that you've been an active, loyal user for a long time, and we consider you a very valuable user. The other person using the same name is also a very active, loyal user. We had to look at the way each of you were using Yahoo!, and determine which of you could be migrated more easily. Unfortunately, it turned out that it was easier to transfer the properties you are using to a new Yahoo! ID. In no way was this a reflection on your value to us as a Yahoo! customer. Again, we apologize for the inconvenience, and we appreciate your patience and understanding. [...]
I’m guessing, but I would imagine that what has happened here is that someone in Sweden (where my last name is fairly common) registered with Yahoo! Sweden (which launched in November, 1997) using the name ‘hedlund’, and that merging the Swedish profiles with the United States profiles created a namespace conflict. Since I don’t use ‘hedlund’ as an email address at Yahoo, perhaps the other person does and the merge falls in their favor as a result. (One executive from another online provider once told me this process was called profile ‘harmonizing’ in their company, and that their engineers liked to joke, “We put the ‘harm’ in ‘harmonize’.”) Maybe in 1997 it seemed like a good idea to keep the namespaces seperate, but now the namespaces need to be merged for some business reason, and if there are a few bumps along the way, such is life. Yahoo likely assumes that if they can minimize the pain of transition, almost all users would go along with the change — and this is probably a good assumption.
I’ve decided not to go along with the change. Instead, I’ve decided to delete my Yahoo account (you can delete your Yahoo account by visiting <https://edit.yahoo.com/config/delete_user>), and use their services anonymously or not at all. I would have preferred that they use a “first-come, first-served” policy in merging profiles, since this would likely have benefitted me; but that just shifts the problem to some poor Swede, so I wouldn’t want that, either. More to the point, I am put off to have such a clear message from Yahoo, such a strong statement that “we own your name — not you.”
The Web has grown to the point where many of the functions at which Yahoo excels are provided by more than one good source; and in any case none of the services I get from Yahoo are essential. In some cases, the services available elsewhere are better — for instance, MapQuest, which powers the
maps.yahoo.com site, provides a richer interface and better tools on their
www.mapquest.com site. In other words, competition exists. In the realm of aggregated profiles, at least two large competitors (MSN and AOL) vie with Yahoo for users, and each succeeds by different metrics.
Unlike a particular service such as map display, however, identity is meaningful and important to online interactions, and the switching cost for identity is much higher. We use our email addresses and instant messenger names to identify ourselves to our peers, and they in turn use these names to sort out personal messages from a flood of spam and other unsolicited marketing. In some contexts, such as PGP encryption, our email address is used as a key for positive identity confirmation. When we select an account name, it is something of a commitment for us — we have to remember it and re-enter it to access new services or reconfirm who we are. These accounts in turn are supposed to protect our credit cards, addresses, purchase records, and the records of what we do on the Web. As Yahoo’s profile was useful for me, many times this aggregation can create convenience for users. On the other hand, sites that try to control your identity are certainly not doing it for your benefit — AOL doesn’t allow you the convenience of forwarding your email because they know email is their best hook to draw you back to their service every day. (Instead of “You’ve got mail,” they should really say, “We’ve got your mail!”)
I appreciate that Yahoo is in a bind, here — they made a mistake four or five years ago, and now some market pressure is forcing them to correct this mistake with a move that will disconcert some of their users, as it has me. Even if this is not the result of a mistake in namespace planning, the same issue will arise when companies like Yahoo acquire other companies like GeoCities, which maintain separate namespaces and which need merging (or ‘harmonizing’) into Yahoo’s business. Though caught in this bind, Yahoo made substantial efforts to smooth the transition, no small challenge.
That doesn’t make me any happier to receive a forcible name change in the mail. What, then, is the lesson to consumers? The lesson should be clear: you cannot entrust your online identity to a business if that identity is meaningful to you. If you want or need your online identity, you must maintain it yourself.
I learned this many years ago with regards to email addresses. Rather than using an employer’s domain name, or using an ISP’s domain name, I registered my own domain and I have all mail sent to that domain forwarded to me. (Cool trick: when you register for an account at, say, Shockwave.com, give your email address as “shockwave.com@<mydomain>”. That way, when Shockwave.com sells your address to spammers, you’ll get spam sent to that address, and you’ll know not to do business with shockwave.com again. And yes, shockwave.com really did this with my account…) All of the ISP’s I’ve ever used have long since been acquired, and I’ve changed jobs several times, so maintaining my own domain has let me stay in touch with people I might otherwise have lost in transition. (Interestingly, Earthlink, an ISP that has acquired a great many other ISPs, continues to maintain the original domain names of the companies they’ve acquired, avoiding the need to harmonize and letting their newly-acquired customers keep their old addresses. Nice job, Earthlink.)
There is an opportunity for software businesses that would put identity control directly where it belongs: in the hands of consumers. Some products, such as AdSubtract, already are succeeding by making the Web easier to use while returning control over personal information to users. There are, however, plenty of other uses for a user’s local hard drive, and the successful companies will find a way to combine privacy (which tends not to be a great selling point) with performance and features (each of which do sell).
Conversely, consumers should look at the new wave of identity management services with some suspicion. The most famous of these, Microsoft’s Passport, offers identity and wallet management across a range of sites. While the benefits to the company are clear, the benefits to users are much more murky when compared to keeping their identity in their own back pocket.