Chris Pirillo has a beef with social networks. It's called identity. A poseur on Pownce has snatched his identity, and started to sign up unwitting powncers as his friends. People he doesn't know. People who don't know him.
Virtually all social networks suffer from the same problem. As networks proliferate, individuals can't be members of all networks, and are therefore vulnerable to having their identity spoofed on that network.
The solution is OpenID. Claim your identity once, and assert it on every site that supports OpenID.
To make that work, of course, folks on Facebook, LinkedIn, Bebo, Pownce, Twitter, and so on would have to follow Plaxo's example, and support OpenID for login. Even better than what Plaxo does (support OpenID or their proprietary login) would be to simply support OpenID. Period.
Alec Saunders is the Vice President of Developer Relations for BlackBerry make Research in Motion. This is his personal blog, with his personal viewpoints. Prior to this Alec was the CEO and co-founder of Calliflower — the easiest way to hold a meeting, online, on a conference call, or on the go. A double-decade veteran of product management and marketing, he spent nine years at Microsoft where he helped launch Windows 95, the first two versions of Internet Explorer, the Universal Plug and Play initiative, the push into home markets, opt-in email marketing and what might well go down in history as the very first direct email list ever.
{ 4 comments… read them below or add one }
I don’t see how OpenID will solve the problem. After all, I can have OpenID something like chrispirillo.mydomain.com and could have done exactly the same thing if Pownce allows for OpenID. A possible solution to this problem could be for Pownce to display the email id it used to authenticate when a person is in the process of adding chrispirillo to the buddy list.
you're right, Aswath, that OpenID alone won't solve the problem. However, a trusted provider of OpenID's would.
As I watch OpenID adoption, I wonder when someone will do this. It seems that AOL is the only company actively creating OpenID's for their users. To me that's a big step in the right direction.
I am sorry that I have to disagree on all of your points. First, other than AOL there are many providers like Verisign, MyOpenID and many others. They all will claim they are “trusted”. The problem is how will any of them ensure the person requesting Aswath Rao is indeed “the” Aswath Rao. Even if they do, what about all the other Aswath Raos? Even then how will they ensure that the picture I post of myself is indeed mine?
Secondly, the main idea behind OpenID is that there need not be one or a handful of providers; I can be my own provider. If you take that away, then you are back to “Passport” which didn’t go anywhere (for this specific reason, in my opinion). A Relying Party is at liberty to decide on which providers they will accept. But I just don’t see how the limited set of providers can assure nobody else use an identifier close to mine or the exact picture of mine?
The plain fact is that Chris Pirillo is irritated because somebody is using his picture and his friends have signed on without as much a question. No amount of technology can address his problem; rather, any technology can be circumvented to recreate the problem he is complaining about.
You’re right Aswath, and I had forgotten that Verisign was issuing OpenIDs.
Passport, in my opinion, failed because Microsoft was the company behind it. If it had been an open initiative, or run by Google, it might have had a better chance of success. In any event, the “missing element” in OpenID is validation of identity.
IF there was an open identity framework, and IF users could be validated, then openID would work.
You have the precision of an engineer, my friend, while I wave hands with the sweep of a marketer.