A Proposal to Fix Online Identity

Facebook's social graph of you isn't you. It's an approximation and an extrapolation based on little clues you've left lying around the Web. Using your Facebook or Google identity gives those services more data points about what you do, but that doesn't mean it substitutes for who you are.

The central thing wrong with the social Web is that users don't own their identities. Users share themselves with identity services - like Facebook and Google - that then act as representatives of the people using them. Facebook and Google allow other sites to rent those identities. But when you log in to a new service using Facebook Connect, you are actually constraining your identity to the Facebook version of it, though you're expanding Facebook itself. Do you want to be the same version of yourself everywhere else as you are on Facebook? Or Google?

Facebook & Google Act on Our Behalf

By doing things this way, Facebook, Google et al. can lend your name to things without really asking you, like ads and promotions of various kinds. You have implied your permission by "liking" things or "checking in" to places.

But you didn't create the ad. You just initiated an action that triggered it. Social applications that speak for us this way are using our identities without us.

Identity Is Prismatic

Our Facebook and Google identities are like constellations. The stars are our actions on the Web. Facebook and Google are on the ground, staring up at the sky with a bunch of marketers and advertisers. They're the know-it-alls pointing at abstract shapes and confidently labeling them with names.

But the actual user, not the vague constellation of her online actions, is a multi-faceted person. "Identity is prismatic," as Chris Poole says, and "Facebook and Google do identity wrong."

"It's not 'who you share with,' it's 'who you share as,'" Poole says. In other words, we're only presenting one Facebook-facing aspect of ourselves when we share online via Facebook. The advertisers who make Facebook possible don't have a full picture; they have a Facebook caricature.

Today's Social Web Is a Performance

The more about ourselves we share with Facebook, the more stars you can see in the night sky, the clearer the constellation appears. Hence, Facebook rolls out Timeline and asks us to share our entire life story.

But what Facebook has to acknowledge is that this is still a performance. It's a make-believe Facebook self. And Facebook's (and Google's) business consists of spinning that self on our behalf, mapping it and stereotyping it and selling it.

It's not wrong of Facebook or Google to do that, per se. But I have a feeling that better products, better ads, and a better Web would be possible if users owned their identities, showing as many (or as few) facets as they want to show.

A Proposal: Online Identity as a Fingerprint

Users should have signatures that are truly theirs, instead of their Facebook and Google guardians signing on their behalf.

Identity on the Internet should be embedded by the user like a fingerprint. It should be written into the digital material we make using hardware we have authorized. We should also be able to withhold it whenever we choose and make the content anonymous.

We should also be able to sign multiple and pseudonymous identities, but we'll have to hash that out later, as a political issue, once this is even technically possible. The first step is to create a protocol that lets us sign off the bits we've written as being of us, so that they remain identifiable no matter where the content is repackaged or republished.

Why Do We Want This?

We want this because it would delineate a difference between something we made or we said and something an outside service extrapolated about us.

We want this because it would simplify problems of attribution and copyright on the Web. If we didn't sign something we created, it would default to the other ways we deal with unsigned content. But content that is signed would have an unmistakable origin.


"There would be a layer of protection between who we declare we are and who companies assume we are."

We want this because it will make identity services like Google, Facebook and the rest compete honestly for our attention instead of boxing us into their worlds.


Facebook and Google can only make enough money from their profiles of us by tracking our activity and extrapolating who we are and what we do. But that would still be possible on top of a layer of authentic identity that those services didn't own. They would be able to compete based on whose recommendations were more accurate, but there would be a layer of protection between who we declare we are and who companies assume we are. We would no longer be tied to just one of those identity constellations.

OpenID is not what I'm talking about, either. It's more than just logging in to websites. This is something we write in. It's not a handle and a password. It's like one of those wax seals on a letter, except with Information Age security measures.

The Naïve Things About My Idea

Many things about my above proposal are naïve. Here are just a few:

  1. I am not well-versed enough in the longstanding projects of this nature that already exist, like GnuPG signing or Mozilla's BrowserID, to know what the challenges are. But I'm working on it.
  2. I haven't specified at which layer of the user interface this identity signature should take place, whether at the device level, the browser level, or what. Again, that's because I am not well-versed enough in the technical requirements of such a project.
  3. And yes, the inertia of moving away from siloed Web identities (Google/Facebook) towards this is unconscionably humongous.

So I know there are experts on these problems out there. Talk to me. What's right and what's wrong about this idea? Who's working on it? How is it going? Is it impossible? Is it unnecessary? Is it hopeless? In the interest of a better Web, let's talk about this.

See also: Scott M. Fulton, III's year-end post, "Issues for 2012 #3: Who Gets to Define Your Online Identity?"

Photo courtesy of Shutterstock