who would you trust your identity to?
January 9, 2003
I mentioned earlier that the best way to protect your privacy is to control your identity. But, while proactive publishing of one's identity is a necessary step, one of the other aspects to controlling identity online that's going to become increasingly important is authentication. It's inevitable that open, interoperable systems for authentication will become widespread.
The question then becomes, "Who do you trust your identity to?" We've got the listless Liberty Alliance, AOL seems to have abandoned its Magic Carpet project to turn screen names and AIM identities into a single sign-in service, and Passport is hamstrung by widespread (and generally deserved) distrust of Microsoft. It doesn't seem like a single, monolithic login system will take control. It will be left to federated systems cobbled together across hundreds of sites.
The rise of federated authentication systems will mean that there will be dozens of identity providers, all trying to be the repository that provides your information to others on the web. There are lots of contenders in this space, such as Amazon and eBay, though neither does a good job of extending their authentication systems to other sites, with the exception of eBay's recently-purchased subsidiary, PayPal. There were a spate of other companies trying to hold your wallet for you, like Yodlee and Paytrust. But I wouldn't leave my identity in their hands.
So who does that leave? What company would you feel safe in giving control of your identity to? I've been pondering the idea for a while, as I think there's a strong consumer market for third-party identity services. My list of companies to whom I'd trust my identity right now only includes Google and Six Apart. Broadening things out a bit, I'd probably also let Matt manage my identity through my MetaFilter login, and I've got a high enough respect for Nick Bradbury's ethics and responsiveness to his users that if he were to switch businesses to something that managed logins, I'd use his service.
There are lots of other decent companies that we could trust to not be evil with our information, but these are the ones that I know well enough to say "Yeah, that'd be okay." What are yours?