Friday, December 05, 2008

The Identity Wars Have Begun...

The battle lines have been forming gradually over the past two years, but now 2009 seems poised to become the Year of the Identity Wars.

For all of you social-network users out there, here's the deal. Many of us share the experience of first having, say, a MySpace account, only a few months later to create a Facebook account, and maybe again a few months later creating a Twitter or Digg account, etc. And whenever we're surfing the Web and want to leave comments or buy products on other sites, we have to create new accounts for them as well. Isn't re-entering our personal information and having to re-discover our "friends" a major pain in the rear-end?

This is the problem that social media companies are desperate to solve. What they all want to do is be able to say to people: create a profile and "friend" network with us, and you'll be able to use that information to login anywhere on the internet; bringing your "friends", your one username/password combination, and (ideally) your purchase history and credit card information with you everywhere you go. Rather than having several cyber identities, you'll have only one, housed with us, and you'll never need another again.

This utopian vision is closer than you think. The technology is already here, and the major companies already all have services designed to do exactly this. It's just a question of which will be the first to reach a tipping point of users adopting their service over that of their rivals.

On one side of the battle is the social media powerhouse Facebook. Its service, Facebook Connect, lets users participate on other websites, like Digg and CNET, using their Facebook IDs. The user also gets the option of re-broadcasting whatever they do on the third-party site on their News Feed within Facebook. The user can also match existing friend relationships on Facebook with those on the third-party site.

The major drawback to Facebook Connect is that the social data gathered in these transactions all gets fed back into Facebook. By implementing Facebook Connect, a site owner is agreeing to share any data it collects about users who log in using the system with Facebook -- and Facebook alone.

Users get the benefit of carrying all that Facebook friend data with them, but they can't use it anywhere else. If they want to broadcast their activities on Digg through some other means, like a Blogger blog, they're on their own.

On the other side of the battle is, basically, everyone else. Because Facebook is such a gargantuan foe, the field has teamed up and are all backing a service known as OpenID. Rivals such as Google Friend Connect, MySpace Data Availability, Yahoo, AIM, EBay, and more have all adopted OpenID in the hopes that it will become more universal.

There is a key difference in the battle between Facebook vs. The World: Facebook is one social network, while OpenID, led by Google Friend Connect, can be used by any site, service or social network that uses OpenID for identification.

In other words, Facebook Connect is completely useless to anyone who doesn't have a Facebook account, whereas OpenID can be made useful regardless of whether you have your account with Google, AOL, Yahoo, MySpace, etc. How much this will matter is the million-dollar question.

This battle will also pit two competing ideologies against one another: that of the relative merits between proprietary vs. open source systems. Facebook Connect is proprietary - meaning it's privately owned by one entity and therefore closed to everyone without express permission - while OpenID is based on open source technologies that can be shared and used by all. The casual user probably couldn't care less, however the community of web developers has been anxiously awaiting a fight like this for years, and the result will be sure to have serious consequences on business models in the foreseeable future.

All that said, my (ahem!) expert analysis leads me to believe that OpenID is definitely the better way to go from a developer perspective. It will allow programmers to more easily innovate fresh ideas while ordinary users will probably find it more helpful in their day-to-day cyber lives. However, the non-developer (a.k.a. - "normal human being") in me knows just how ubiquitous Facebook is and how devoted is its following. Despite the technical advantages of OpenID, it's going to be pretty hard to overcome the "human advantages" of Facebook.

But it should be fun to watch the Identity Wars play out, regardless.


At 9:18 AM, Anonymous Anonymous said...

Comment from Reddit:

Facebook Connect has got to be dangerous. It's too much power for one company - were talking about gathering information on your entire internet experience when you use it. With OpenID you could run your own OpenId server and then your credentials are definitely safe (read privacy, not security).

It's also dangerous in a "what if facebook goes down" scenario. You can't log into Reddit, your email, your facebook, your IM client etc etc. You're better off rolling a simple one yourself. In fact, they should make a really light-weight one (think sqllite) that is installed on ordinary desktops and ready to use. Integrate it with gnome-keyring or something similar, and use keys rather than IPs / URLs for validation (like ssh-keygen). This technique would be an easy to use, widely available backup system though. Anyway I'm drifting off into fantasy land with my thoughts on implementation.


Post a Comment

<< Home