Thursday, October 16, 2008

How to Open OpenID?

A blog post not so far in the past - I basically had the same kind of evaluation of OpenID - it is a good system b0rked by usability and trust issues.  As far as I'm concerned, I'm done bitching about OpenID and will not use it unless it's unavoidable, or unless its usability improves markedly.  Meanwhile, I've got a suggestion to make:

How about keeping a personal ID registry someplace - just as ICANN keeps domain contact info and domain info already?  Put it on the existing domain name infrastructure; you can then get on the Internet as an anonymous mug user who has to use usernames and passwords at every site, and if you want a common ID you contact them and pay for your screen name just as domain owners pay for a domain.

You would use an RSA active key synced to the root servers or to your local server, and that pretty much identifies you.  Even a USB key based one that sends a keep-alive to the server on a regular basis, that way you don't even have to log out - just take your key with you and that's it - logged out of the machine, the websites, everything.

Yes, you lose your anonymity but come on - with several million surveillance cameras, your driver's license, social security and tax file numbers, bank accounts, etc - how much privacy do you delude yourself you currently have?  Get used to it...  As far as I'm concerned the advantages of this would outweigh any potential to lose more privacy than I already have lost.

Yes - the RSA keys will cost - but on the order of dollars, not hundreds of dollars.  And yes, they are easy to lose - but (l)users will soon learn to have a bit of respect if they have to pay to re-register a new nickname and buy a new key every time they do something stupid...

And yes - there are hundreds - if not thousands - of spam and fake domains in operation despite the checking of namespaces, I agree.  But that's quite a few orders of magnitude less than there are zombie machines on the 'net today that would be totally boned if the USB key was removed at the end of the user's session and thus cut all legitimate communications between that machine and the Internet.

There are totally bogus names and details in the domain contacts list, too.  Yep, I'll totally agree.  But they do function as an identity - they evaluate to one user somewhere out there in meatspace, and that's really all we want here, isn't it?
