Variable pricing based on market timing, inventory and profit margins is nothing new for business. Airlines, hotels and restaurants have long employed "yield management" techniques to maximize revenue. But pricing changes are now coming far faster and affecting more products and services. And retailers are beginning to flirt with new factors like identity-based pricing, where what you pay is based on who you are.

A new report from the Wall Street Journal reveals the details of online competitors' pricing strategies, watching up to nine changes in price within one day for a General Electric microwave oven.

"Sellers on Amazon.com Inc. changed its price nine times in one day, with the price fluctuating between $744.46 and $871.49, according to data compiled by consumer-price research firm Decide Inc… Best Buy Inc. responded by lifting its online price on the oven to $899.99 from $809.99 after the Amazon prices rose, then lowering it again after Amazon prices for the oven dropped," the article reported.

This practice, known as dynamic pricing, is increasing in frequency as online retailers jockey for position on price monitoring sites like Pricegrabber and Nextag and within meta-commerce portals like eBay and Amazon itself, where merchants position prices against each other to gain coveted promotional spots that can drive sales.

Yield Management ≠ Dynamic Pricing

Because of these rapidly moving prices, many observers liken this phenomenon to the "yield management" techniques popularized by airlines, hotels and even restaurants (see How Airline-Style Yield Management Could Save Daily Deal Sites). While these practices may appear identical to the consumer, the business motivation behind the price shifts are much different.

Yield management is a business practice used for resource-limited goods and services, such as a spa appointment or a hotel room or a table at a restaurant. There is a finite supply of these goods and services throughout any given day - and the slots become worthless if left unfilled. Because the spa, hotel or restaurant has to stay open and keep staff paid for the entirety of their business hours, the more resources that get used, the better. Yield management has one specific goal: getting customers to buy a resource that might otherwise go empty - like an airline seat - at the highest possible price.

When a plane flies, it's going to fly no matter how many seats are filled. That means every empty seat on an airliner (no matter how much appreciated by flyer in the next seat), represents a loss for the airline. Better, the carriers reason, to have a passenger pay something, even if it’s less then the optimal fare, than get nothing at all.

The Dynamic Pricing Difference

Enter dynamic pricing. Depending on when the passenger bought the ticket, the airline’s yield-management algorithms will have adjusted the fare to ensure that the carrier leaves as little money on the table as possible.

For retailers, the motivation behind dynamic pricing is a bit different. The object of their game is to get as many goods out the door and into customer's hands as possible, while making the maximum profit. But other factors come into play. Unlike brick-and-mortar retailers, which can sometimes worry less about competitor pricing if that competitor is located all the way across town - too far for customers to make the trek just to save a few cents - online sellers have to treat every ecommerce site as a potential competitor.

Thus, shoppers will often see prices adjusting for various goods as sites like Amazon and Best Buy try to keep their profit margins as high as they can, while also grabbing customers from each other.

To get an idea of how much these prices shift around, the owner of one price-watching portal site, Digital Folio, tracked one camera's price rises and falls over a ten-day period and reported his results on YouTube. Not only did Patrick Carter track a lot of price movement for the camera, but he noted that many of the shopping portal sites like Pricegrabber and Nextag had trouble keeping up with the changes and often reported inaccurate results.

Dynamic pricing is slowly making its way into more and more aspects of consumer's lives. YieldStar and Rainmaker are software products that enable landlords to apply dynamic pricing to rental properties, based on yield0management principles. Major league sports teams are also using dynamic pricing to sell more tickets, avoid empty seats and maximize the revenue that goes to the teams, not to scalpers.

The Rise Of Identity-Based Pricing

Dynamic pricing doesn't just take the business and its competitors' margins into account. Online commerce sites are also experimenting with identification-based pricing, which prices items based on what is known about the customer, such as their buying history and browsing behavior. This can have both good and bad implications for the shopper.

On the plus side, if a site recognizes that this is the umpteenth time the same customer has window shopped for a particular item, an algorithm may try a lower price, just for that customer, to see if that will close the sale.

But if the site notices the customer has a history of buying high-priced items, it might presume they're willing to pay more for a given item and offer higher prices or more expensive choices, as Mac-using Orbitz customers learned to their dismay this summer.

Using identification-based pricing carries risks for retailers, too. A 2004 article in the Journal of Interactive Marketing revealed that "consumer perceptions of trust, price fairness, and repurchase intentions were more favorable to the firm when using a purchase timing tactic than when using buyer identification to offer different prices to different segments."

Consumers, the paper's authors concluded, trusted price changes made by an ecommerce website when it was done based on timing or other business-related reasons, because that was perceived as fair and understood as the way businesses work. But when it came to the identity of the consumer affecting prices, shoppers quickly became uncomfortable.

But given today's emphasis on mobile transactions and personalized shopping - not to mention increasing online competition and margin pressures - identity-based pricing isn't likely to go away. Look for more and more retailers to gradually expand dynamic pricing criteria beyond timing and inventory to who is the customer. It won't make privacy advocates happy, and it could scare off shoppers in the long run, but in the current economy, it will be hard for e-tailers to resist anything that boosts profits right away.

People search engine Pipl's people search API is now out of beta and open to all developers. The API can be used to bring a variety of information about an individual, from social networks like Facebook and LinkedIn to government resources like the United States Patent and Trademark Office and county clerk offices, into any application.

Customer ID, Social Context and CRM

Pipl’s Chief Revenue Officer Jonathan N. Schreiber says the API could be used for customer identification or verification, or to add social context to applications, such as customer relation management (CRM) systems. In this way, Pipl will compete with people-data providers like Rapleaf, which powers services like Rapportive. But it’s a flexible API and could be used in a number of unforeseen ways.

The API, built using Mashery’s platform, is designed to let developers use the GET command to retrieve Pipl’s search results in JSON on XML format, says Schreiber. Developers can specify a specific type of info they want, such as a mailing address, or just the full search results. The results are time-stamped and include a score that reflects how confident the Pipl service is that it has the right person.

Much of the data that Pipl finds is not normally accessible through Web searches but is still publicly available. According to Schreiber, Pipl uses only publicly available, non-logged-in information and respects robots.txt instructions to avoid the collection of information that’s not meant to be crawlable.

Schreiber describes Pipl as a “real search engine,” not a metasearch engine. It doesn’t query each source for each search - it has already crawled and indexed all of this information. Pipl also performs recursive searches: Once it finds an email address associated with a person, it goes back and uses it to find more profiles and information associated with that email address.

Creepy or Not, Here It Comes

This may sound a bit creepy, but Schreiber also says that although Pipl will try to determine an individual’s email addresses, the search engine will never return email address results to users. In fact, Pipl may actually prove useful in cleaning up online profiles by exposing old profiles and information.

Nevertheless, services like Pipl and other people data search engines like Spokeo have proven controversial. See ReadWriteWeb’s recent post: Here Are 20 Companies Who Sell Your Data (& How To Stop Them). While there are plenty of innocent uses for an API like this, it’s not hard to imagine developers using this API to do some unsettling things.

Lead image courtesy of Shutterstock.

The reason for that requirement, Mixel co-founder (and former NYTimes.com design director) Khoi Vinh explained, was real names. Vinh wanted to build the Mixel community around real names, not anonymity or pseudonyms. "We think this is essential to the kind of experience we're building: a family-friendly environment that's suitable for just about anyone," he wrote.

At the time, Facebook was pretty much his only option. But that is starting to change. And as proving your online identity becomes more important, it's a valuable race for the players involved to win.

Perhaps Facebook's biggest competitor is now Google+. With 90 million users, it is still significantly smaller than Facebook, which boasts more than 800 million active users. But as Google integrates Google+ into more of its services, that number should grow. Facebook should easily beat Google+ to 1 billion users, but with Google's reach in search, mobile services like Android, and YouTube, the race to 2 billion could be closer.

Twitter, too, is a worthy competitor in the online identity race. The company famously doesn't verify real names — mainly for celebrities and brand partners — and it's hard to imagine a time when Twitter would require your real name.

But Twitter does seem to be favoring real names these days: They are now displayed by default — when available — on its website and in its official apps.

Twitter may have other reasons for that — the number of "pretty" usernames without numbers will eventually run out. But Twitter also clearly has interest in serving as an identity tool — its co-founder Jack Dorsey, also a founder of mobile payments company Square, even speaks of using your Twitter account as one way to justify your financial trustworthiness. So if Twitter can serve as a reliable source of your consistent online identity — even if it's not your official, real name — that seems valuable.

Other large companies, such as Apple, Amazon, AT&T, and Verizon, boast tens of millions of real-name accounts, many with credit cards attached to them. That is incredibly valuable to those companies, as it permits frictionless authentication and commerce for new services and devices, such as Apple's App Store and Amazon's ever-growing digital marketplace.

But with high public sensitivity over financial information and the idea of identity theft — plus the competitive advantage of keeping that data in-house — it seems unlikely that Apple, Amazon, or the others would simply open their identity services to developers. So for now, inherently "social" services like Facebook, Google+, Twitter, and LinkedIn — each with many millions of users — seem most useful as web identity-verification services.

This all begs a bigger question, though: Whether real, birth names are actually the best way to identify ourselves in an increasingly digital society.

To varying degrees, governments and financial-type companies mostly require you to have and use a name, as they have for centuries. The digital revolution, however, started within our lifetimes, and may eventually dictate new identity norms. In many online communities, anonymity — or at least the ability to use pseudonyms — is expected and sometimes demanded. If that becomes more common, who knows what offline human naming conventions will look like in a few decades.

Google, for one, recently announced an interesting new policy change for Google+: In addition to real names, it will also start allowing individuals to use consistent, established "alternate names." These range from established offline pseudonyms like Madonna to online nicknames "with a meaningful following." It still seems to prefer real names — see Google's naming policy — but there's some wiggle room now.

For now, it seems the more formal a digital community, the more your real, proper name matters — or at least a provable, consistent alternate. And as long as that's the case, the race to hold, secure, and pass along your identity will be a valuable one.

Facebook COO Sheryl Sandberg, speaking at the DLD conference in Munich this week, attributed the trend "from anonymity to authentic identity" on the Web as one of the main reasons that social media has become such an important part of daily life. "What we do online is increasingly about who we are," she said. "We are our real identities online."

You can be confident that Facebook enjoys its status as the top identity gatekeeper, and is very protective over it — it's worth a lot.

Meanwhile, Mixel — the company that got flack for its Facebook/real-name login requirement — has been integrating Google+ authentication support into its product, and it eventually plans to support the new "alternate" names feature.

"We like what Google+ is doing for alternate names — an 'authenticated' or 'established' name is good for us too," founder Khoi Vinh says.

Photo: Paulo Brandão via Flickr (cc)

Whereas submissions to the PostSecret blog are curated by hand, the app was an experiment allowing any iPhone user to generate secrets instantly and anonymously. Warren says that users shared over 2 million secrets, and that "99%" of them "were in the spirit of PostSecret." The app launched in September, becoming the best-selling app in the U.S. and Canada overnight. It is now gone from the iTunes store, the Android version never arrived, and the PostSecret App website no longer loads.

The PostSecret app was a brave thing to try. Even though it was clunky and slow, we praised it for the privacy and anonymity it provided, allowing users to submit secrets without fear. Unfortunately, this anonymity proved too much for volunteer moderators to handle.

"The scale of secrets was so large," Warren says, "that even 1% of bad content was overwhelming for our dedicated team of volunteer moderators who worked 24 hours a day 7 days a week removing content that was not just pornographic but also gruesome and at times threatening." In my experience, that 1% figure sounds a bit conservative. The chances of seeing something gross were pretty good on any given night.

Warren says that he had to remove the app from his own daughter's phone weeks ago. Bullies and creeps overloaded the app, and Warren and the moderators were unable to find a solution. At one point, the moderator team tried pre-screening 30,000 secrets a day, but they couldn't stem the tide of unsavory secrets.

Warren calls the now-defunct PostSecret app a "good faith experiment," but it's also an unfortunate lesson in the necessity of curation. It raised the privacy bar for app developers, but it opened up a Pandora's Box of backwardness in doing so. The app was rife with penis pics, vicious attacks and other disturbing messages. It was a valiant attempt to allow millions more to share their secrets, but for now, the PostSecret project will go back to its roots as a hand-curated blog.

Those who paid for the app can take comfort in the fact that their $1.99 supported an organization with good intentions.

Did you use the PostSecret app? What did you think of the experiment? How do you feel about the app shutting down? Share your thoughts in the comments.

The move is an improvement in relevancy of information feeds in social profiles and it demonstrates an intelligent system for delivering information and encouraging interaction on the world's largest social network.

Facebook released two formats for receiving updates while on the social network. This was at a time when the release of other key features was beginning to create information overload.

One format is an updates ticker that allows for joining real-time conversations based on customized selection options. The other is a news aggregator, which functions as a newspaper, to keep users informed of the most important events and posts they have missed while they have been away.

The ticker is the most simple and straightforward feature. It makes it very easy for you to select whom you want to receive news from, and how often you want to hear from them.

When those people post updates - and they are selected as someone you want to hear from more frequently - you will immediately be alerted to join the conversation. Less relevant people will not signal as often or immediately.

It's kind of like being able to predict frequency and then assign a value to the number of times your annoying Aunt Betty calls you to tell you again about the neighbor's cats. In this way, you are judging just how close you want to be to Aunt Betty - and her cats - regardless of how close Aunt Betty wants to be to you. It's a subtle move by the engineers at Facebook.

Facebook is also changing its news feed, moving away from the rather clumsy "Most Recent" and "Top News" tags.

Facebook has made it so that if you are one of those people who spends a few weeks away from Facebook at a time, the next time you log on, you will see all the most important things you missed while you were away, arranged like it was a magazine or newspaper, with big pictures and easy to navigate buttons.

The rollouts today bring some solutions that calm the information storm fired up after the company rolled out Subscriptions recently.

Once it became possible to follow anyone (if they enabled the feature), the noise to signal ratio went haywire. Suddenly, it was Aunt Betty updates to the nth power. With this new feature, I can pretty much customize my feed so that everything makes sense, and I am not overwhelmed by noise.

Finally, it appears that a social network with over 750 million users has finally figured out how to act socially.

Image via Facebook.

The idea of broadcasting your darkest secrets across the Internet might sound counter-intuitive, but the app does an amazing job of reassuring users of their privacy and security. Not only has PostSecret built a heartfelt, loving application, it has raised the privacy bar for app developers everywhere.

Keeping a Secret

If you choose to save a list of your secrets on your phone, which you don't have to do, it's password-protected. You can connect to Facebook or Twitter to share links to interesting secrets you discover, but the social settings page reassures you that the services "are never connected in any way to secrets that you submit." The introductory splash screen says that users' identity, location and secrets will never be connected to one another. The app won't even know your name.

The app was designed in partnership with Bonobo Labs, and it takes the familiar iPhone tropes for social photo apps and makes them its own.


An Intimate Experience

The navigation is familiar, but the textures and fonts are dark and soothing. The graphics are a lot to take in at first; the map view is especially hard to navigate and slow to respond. But this app extends the comfortable touch of the barebones Blogger-powered PostSecret website into an intimate touchscreen experience.

Another aspect of the PostSecret project enhanced by the app is commenting. On the weekly blog, Frank Warren, PostSecret's creator, curates some email comments regarding individual secrets and inserts them between images, often setting up interesting - if artificial - dialogues. Now, with the app, readers can engage in threaded discussions on each secret, but comments are posted as their own secrets, with the app's typography and one's own chosen background image.

This app enables people to air their deepest secrets and share them with one another, but it still maintains a safe space.

Update 11/12, 5:50 p.m.: The app's performance can be pretty slow, but Warren says there's an update coming soon. There's also a key feature missing; you can't yet view replies to your own secrets. But Warren reassures us: "We think that is an important feature too, and it will be included in the first update due out this week."

Strength in Sharing Secrets

Warren has published the sites most beautiful secrets in books, and he speaks publicly about the power of the project. According to the blog, within 24 hours of its launch, the PostSecret app became the #1 best-selling App in the U.S. and Canada.

The app is available now in the iTunes store, and an Android version is coming soon.

Do you read PostSecret?

The ACLU wants to know how law enforcement obtains and uses location data from cellphones. Are they contacting the cellular operators directly? Are they issuing warrants to the operators? If so, is the person who owns the location data aware of the warrant? The implications are far reaching. Law enforcement's access to location data affects law-abiding private citizens, not just those involved in criminal activities.

Imagine if the nazi special police, the Gestapo, had access to every individual's location and habits and were able to track people wherever they were and by what they were doing. There would have been no leaders left to fight the Third Reich because the special police would be on top of suspected individuals before they even knew they were being followed. That is an extreme example but it drives the point home: law enforcement's use of location data sets a scary precedent.

See the map below for the states that the ACLU requested records from.

The ACLU wrote in a blog post:

One's location might reveal "whether he is a weekly church goer, a heavy drinker, a regular at the gym, an unfaithful husband, an outpatient receiving medical treatment, an associate of particular individuals or political groups -- and not just one such fact about a person, but all such facts."Okay," I hear you thinking, "Right, but I'm not a criminal. Why should I care?" Think again. Law enforcement's use of cell phone location data has been widespread for years.

The ACLU notes that senator Ron Wyden (D-Ore) asked the head of the National Security Administration Matthew Olsen whether cellphone location data could be used to track U.S. citizens. Olsen replied: ""There are certain circumstances where that authority may exist."

In spook-speak, that means yes.

Prior Cases & Precedents

There are two main cases that the ACLU points out as dangerous precedents. One is the "Scarecrow Bandits" incident, in which a group robbed 20 banks in the Dallas area in 2008. The FBI wanted to get the cellphone location data of every person who was near a specific bank at the time of the robbery. Another instance was in Michigan when law enforcement wanted the cellphone data of people who planned on organizing a labor protest.

There is also the rising use of digital forensics by law enforcement in the field. Dell makes a portable digital forensics unit that can be used to access the data of any portable or mobile device (laptops, smartphones, tablets etc.). For instance, people could get pulled over and a police officer could scan their phone for who they called last, where they are coming from, where they have been and who is in their contacts list. This is not location-specific but unwarranted use of digital forensics is still a concern for privacy advocates and civil liberties groups.

In more recent history, the prime minister of the United Kingdom David Cameron, wants to ban people from using social media in the aftermath of the London riots. It is imaginable that the British police are attempting to gain location data at this very moment about participants in the riots and looting. People who own a flat above a shop and barricaded themselves inside their apartment might then become suspects based on the location of their cellphones at the time. It is a definite possibility that innocent people could be persecuted because of where their cellphones said they were at a particular time, even if they had nothing to do with nefarious events around them.

In terms of the records request, the ACLU is specifically looking for:

• whether law enforcement agents demonstrate probable cause and obtain a warrant to access cell phone location data;
• statistics on how frequently law enforcement agencies obtain cell phone location data;
• how much money law enforcement agencies spend tracking cell phones and
• other policies and procedures used for acquiring location data.

Senator Wyden and a Republican House representative Jason Chaffezt have introduced bill that would create location privacy protections for citizens against unwarranted snooping from law enforcement and the commercial sector.

We have been in touch with the ACLU of Massachusetts (this reporter is based in Boston and has a history dealing with the ACLU regarding cellphone and law enforcement issues) about obtaining the data that law enforcement hands over in regards to the records request. We want readers of ReadWriteWeb to know how law enforcement is using their data and will share that information if and when we get those records. In the meantime, let us know in the comments your thoughts about law enforcement potential use of cellphone location data. Who is to blame? The devices themselves? Zealous law enforcement? The carriers? The U.S. government for allowing this to happen?

It's no question that social media reputation has become the influencer metric du jour, but we've yet to see an all encompassing platform that isn't gameable. Social stock market site Empire Avenue is certainly no exception.

Founded in Edmonton Canada in late 2009, the site allows users to sync their social media profiles to a Web interface and calculate a personal value and share price. From there you can buy and sell shares in companies and people on a virtual stock market based on the perceived value of their online reputations.

Empire Avenue users earn virtual currency and reputation points in a variety of ways including:

1. by successfully forecasting and buying stock that sees an increase in social value over time;
2. by earning endorsements and recommendations; and perhaps most importantly,
3. by reaching large social media audiences.

But just as Twitter's mainstream debut marked an increase in follower baiting and follower purchases, Empire Avenue's rise in popularity has also lead to an increase in abuses.

Basically you're looking at chatrooms full of virtual collusion and insider trading. For an early-stage startup, this may seem like a great problem to have. It's clear that if users feel the need to cheat your system, then your company is popular enough to matter.

But from a reputation management standpoint, this poses a conundrum. How do you separate the wheat from the chaffe? It's suspicious that super blogger Robert Scoble's social stock price is rivaled by unknowns who've published less that a dozen pieces of popular content in their lives. As a reputation management system, shouldn't your own company strive for trust amongst its users?

If engagement in the form of retweets, comments and Facebook likes are the new measurement for online influencers, then Empire Avenue's intended mechanics make it literal. But in order for any reputation-based community to be meaningful, it needs to mitigate against a land grab mentality and protect itself against unsavory users.

For the company's sake, I hope it's able to tweak its mechanics and correct for this. After all, online reputation startups should know better than anyone that success hinges on whether or not your trustworthiness becomes viral amongst key audiences.

]]> http://readwrite.com/2011/04/26/reputation_management_services_should_practice_what_they_preach http://readwrite.com/2011/04/26/reputation_management_services_should_practice_what_they_preach Digital Lifestyle Tue, 26 Apr 2011 08:00:00 -0700 Dana Oshiro

As the creator of one of the Internet's most base, vile and creative websites, 4chan founder Chris Poole knows a little bit about the effects of user identity on user behavior. 4chan, a completely anonymous, real-time message forum, is the birthplace of many an Internet meme and user identity, or the lack thereof, can play a big part in this.

Poole spoke about the collaborative, creative process today in his keynote address at SXSW in Austin, Texas, spending some time on the topic of identity and authenticity. In this horserace, Poole unsurprisingly comes out on the side of anonymity.

The topic of authenticity has been in the news as of late, with the introduction of Facebook-powered comments on the Web and on sites like TechCrunch. The issue at hand is whether or not forcing users to connect their comments with their real identity will stifle expression. Will users be as honest, as authentic, if they have to connect their real name to what they say?

Some, such as blogger Robert Scoble, argue that linking comments to Facebook identity increases authenticity, not only by adding context to what people say, but also that people cannot anonymously pose as other people. Poole, at least when speaking of authenticity in terms of creativity, appears to take quite the opposite position.

"Anonymity is authenticity," said Poole. "It allows you to share in an unvarnished, unfiltered, raw and real way. We believe in content over creator."

Of course, when we speak of 4chan, we're talking about a collection of memes and creations that few bloggers or publishers would want to grace their comments section. 

Poole argued that identity can stifle content creators (whether commenters or otherwise) because of what's at stake.

"The cost of failure is really high when you're contributing as yourself," said Poole. "To fail in an environment where you're contributing with your real name is costly."

On this point, Scoble had a very different opinion when he wrote last week. "REAL change comes from people putting their necks on the line. I couldn't remember a time when an anonymous person really enacted change in, well, anything. It's why I sign my name to everything, even stuff that could get me fired," wrote Scoble.

What do you think - do you want Poole's version of authenticity? Will anonymity always lead to the variety of creativity we see on 4chan? Or is anonymity a necessary party of true honesty and authenticity?

Last week, a new toolbar began appearing on Google for user and some took it as evidence of the ever-elusive "Google +1" or "Google Me" social network. Today, Google explained the appearance of this part of the bar as a simple method for users to keep track of what identity they're using as they browse online and use Google services.

In a blog post entitled "The freedom to be who you want to be..." the company explains that the toolbar help ensure users "know exactly what mode they're in when using Google's services."

According to Alma Whitten, director of privacy at Google, there are three basic forms of identity a user can assume when using Google's services and they should be aware of which one they are assuming at any given time.

We've been thinking about the different ways people choose to identify themselves (or not) when they're using Google--in particular how identification can be helpful or even necessary for certain services, while optional or unnecessary for others. Attribution can be very important, but pseudonyms and anonymity are also an established part of many cultures -- for good reason.

When it comes to Google services, we support three types of use: unidentified, pseudonymous and identified. And each mode has its own particular user benefits.

Whitten explains that unidentified is not fully anonymous, but rather tracked by IP. Nonetheless, Google doesn't "link that information to an individual account when you are logged out." Pseudonymous allows users a consistent identity, but "one that is not linked to their offline self." Identified is just that. It's for times when "you want to share information with people and have them know who you really are."

"Equally as important as giving users the freedom to be who they want to be is ensuring they know exactly what mode they're in when using Google's services," writes Whitten. "So recently we updated the top navigation bar on many of our Google services to make this even clearer. In the upper right hand corner of these Google pages, you will see an indicator of which account, if any, you are signed into. "

Could this be a step in the direction of the so-called "Google +1"? If, by that, we mean a social layer in Google, then certainly identity has something to do with a "social layer." Beyond that, it seems like a responsible move by the Big G to make sure users realize how the actions they're taking could be connected to their Google identity.

Over the last year, Facebook has become increasingly dominant in terms of being used as the user identity and login on third-party sites. Last summer, we reported that Facebook had dominated as the third-party login of choice, surpassing sites like Twitter, Google and Yahoo in all realms but one - news. News sites saw users logging in almost twice as often using Twitter.

Now, it looks like another site is gaining ground in another realm. Career-centric social network LinkedIn is growing as the login of choice for business-to-business (B2B) sites, proving once again that users prefer certain identities for certain online activities.

Gigya, a provider of tools for social sharing and third-party logins, took a look at the numbers and found that, since its last round-up of social logins in July 2010, LinkedIn has skyrocketed as the login of choice for B2B sites. According to Rachel Peterson, a spokesperson for the company, LinkedIn has seen increased use as a third-party login ever since it updated its profile API. The site has seen an increase from 3% to 20% in just over six months.

"LinkedIn has a strong case that a single social graph through Facebook is not sufficient," said Peterson. "Professionals want to apply different profile data to business oriented sites and share that content with a different group of people than their FB friends."

So, if you're thinking of taking  your site the way of eHow and forsaking all other logins for the one, true Facebook login, you might want to take a gander at the following graphic and see where your visitors lie. Maybe you should be working on that LinkedIn presence a bit more and Facebook a bit less.

The new tool, called simply Registration Tool, is both simpler and more powerful than Facebook Connect. It works as a pre-populated iFrame for logged-in Facebook users, allows site owners to ask for fields of information not offered by Facebook and can be used to register people who do not have Facebook accounts. All under the watchful eye of Facebook, a company that leads the world in online identity and specializes in user data security. It's a very smart move, but raises questions about the company's growing power.

Web development thought leader Jeff Atwood articulated what's becoming an increasingly common sentiment in a recent blog post called The Dirty Truth About Web Passwords:

I'm not here to criticize Gawker. On the contrary, I'd like to thank them for illustrating in broad, bold relief the dirty truth about website passwords: we're all better off without them. If you'd like to see a future web free of Gawker style password compromises -- stop trusting every random internet site with a unique username and password! Demand that they allow you to use your internet driver's license -- that is, your existing Twitter, Facebook, Google, or OpenID credentials -- to log into their website.

That's exactly what the new Facebook Registration tool will make it easy for websites to do. In some cases, with a single line of code.

More Data for Facebook

Facebook is gobbling up user data left and right, that's the price for the power, convenience and security the company's identity services offer. Facebook said earlier this month that ten thousand sites are adding Facebook Connect every day. Peter Kafka reports today at All Things D that Facebook execs at the highest levels are out visiting major media companies like Time Warner and Verizon, trying to convince them to institute Facebook as the user registration and login system across their properties, too.

This new service will undoubtedly make Facebook the defacto registration service for countless more websites. Even people who don't have Facebook accounts will be able to register for websites using this tool - and perform that registration through Facebook.

What does all this mean? It almost feels futile to argue against the growth of Facebook as identity provider across the web. The company is just so good at powering this important feature. Individual websites don't want to mess around with it.

But with great power, comes great responsibility. Right? Facebook is already the world's greatest living census, filled with data about our lives, interests, social connections and activities. Imagine that data being made available for analysis - what an incredible opportunity for social self-awareness it would provide. Imagine that data cross-referenced with other data sets; each new permutation might shed new light on an opportunity for economic growth, on a social injustice that needs to be remedied or on something simply good for us to know about ourselves.

I've been calling for that to happen for years - right up to the point of a one on one conversation about the importance of aggregate user data analysis with Mark Zuckerberg at Facebook headquarters.

My favorite example of how aggregate data can change the world: it was when US census data and bank mortgage loan data were first made available for computer analysis that a historical pattern of discriminatory lending keeping families of color out of key neighborhoods in major US cities was discovered. Real estate red-lining, as it is called, was illuminated by aggregate data analysis. Comparable issues are sure to be hidden in the huge trove of data about how we live our lives on Facebook.

Now more voices are calling for the same thing. In this month alone so far, writers at Slate, The Atlantic and Forbes all called on Facebook to open up its data to outside researchers.

Cliff Kuang, designer and contributor to Fast Company, Wired and more, wrote yesterday about Facebook's new graph of user friend connections around the world and year-end list of trending topics:

"But what really boggles the mind is why Facebook isn't doing more work like this with its data, or least letting a select few use it -- the company possesses the greatest catalog of human life ever created. It's no wonder that social scientists dream of getting just a fraction of that data, to study everything from how social connections are related to job markets, to disease transmission across city borders. After all, Facebook users are the ones who've provided this data. Shouldn't we be getting more out of it than the Top Status Trends of the Year?"

Web 2.0 grandaddy Tim O'Reilly agreed on Twitter, saying, "He's right. Facebook should do more with this data."

Facebook should do more with this data, especially if it's going to insist on gobbling up more and more of it all over the web. That's the least it could do to share some of the wealth, our data wealth, that it's compiling. Otherwise it will be hard to think of the company as something other than a big hungry monster.

According to a Gartner survey earlier this year, enterprise managers see identity management as a top business priority. That would lead to the conclusion that enterprise operations are considering a variety of identity management options.

Emerging is a growing interest in social identity as a means for employees to sign into external applications.

Social identity is a new concept but it falls in line with technology adoption trends in the enterprise.

More so than ever before, companies are using social technologies for a variety of purposes - such as using Facebook as a customer service environment. Social identity serves as a way to manage all the various sites where people connect as part of their work.

Two examples include Facebook for Websites and Twitter, which uses OAuth, to verify the identity of the user. We are in the early stages but Facebook pages are pretty common so you can see why an enterprise may use it for employees to connect with third-party sites.

There's another reason why social identity may have a lasting future. Federated identity has really not been adopted, leaving an opening for services with a social component.

It's not that OpenID is going nowhere: Google Apps uses OpenID; it has been adopted to some extent by the federal government. But it is not nearly as popular as Facebook or Twitter.

But, still, these are very early days. And the issues are numerous.

Dion Hinchcliffe wrote on the topic earlier this year:

"Instead, off-premises SaaS and cloud computing offerings are offering basic synchronization with LDAP and other corporate identity repositories. Also becoming more and more important is identity authenticity (which Twitter tried to address with Verified Accounts). Watch for a raft of social identity issues to accumulate and for new enterprise open identity solutions to attempt to address them as our identities on the Social Web increasingly compete and conflict with our enterprise identities."

Organizations are a long way from adopting social identity systems. OAuth 2.0 represents a first step as it automatically connects services. But there are other options, too.

Over the past several months I've had conversations with Eve Maler, one of the most authoritative voices about identity management. Eve is the chairman of the User Management Access Project Workgroup (UMA). UMA is proposal-as-a-service that would act as an intermediary platform for managing identities across social networks, SaaS providers and other services that the individual is responsible for managing. It gives more control to the user, who provides consent through the service.

Phil Hunt writes:

"Where in the typical OAuth 2 deployment, user authorization and resource owner authorization are combined, UMA instead separates the processing of a user's consent, from authorizing access by the resource owner (e.g. Flickr)."

Aside from the benefits Eve describes, here are a couple more things I like about the UMA proposal.

• UMA recognizes that user information exists in many places on the Internet, and not just at a single IDP/OPs etc.
• It supports a federated (multi-domain) model for user authorization not possible with current enterprise policy systems.
• It's a great way to separate the issue of user consent away from the resource owner's access control policy.
• It becomes possible to handle consent when individuals are offline.

Maler made the following point in response to Hunt:

"In the enterprise, an externalized policy decision point represents classic access management architecture, but in today's Web it's foreign. UMA combines both worlds with the trick of letting Alice craft her own access authorization policies, at an AM she chooses. She's the one likeliest to know which resources of hers are sensitive, which people and services she'd like to share access with, and what's acceptable to do with that access. With a single hub for setting all this up, she can reuse policies across resource servers and get a global view of her entire access landscape. And with an always-on service executing her wishes, in many cases she can even be offline when an access requester comes knocking. In the process, as Phil observes, UMA "supports a federated (multi-domain) model for user authorization not possible with current enterprise policy systems."

Social identity makes sense for its ease of use. It fits with trends we see in the enterprise. The big question is trust and the implementation of infrastructures that provide a secure and simple way to identify the individual on the network.

In all, UMA may be a better answer for unified identity control across the enterprise and the Web.

Will making it easier for Yahoo users to sign in to Google - a direct competitor - draw users away from the portal, search and mail provider, or will it help create an overall better user experience? According to Yahoo, making a process that users were already engaged in simpler will provide a better user experience and keep them interested in one of its most solid products - Yahoo Mail.

According to Kaliya Hamlin of IdentityWoman.net, the step is a big one for OpenID.

"People have been asking FOREVER when are the big web portals actually going to accept other people's OpenIDs. This a significant step by Google to become a relying party," Hamlin told us today.

Scott Kveton, co-founder of the OpenID Foundation, agreed that it was "a big step forward for making OpenID that much easier to use".

"Making it easier to have Google and Yahoo work together is great for Google," said Kveton, but he questioned the advantage for Yahoo. He noted that "making it easier to on-board users into Google via their email accounts means being able to suck in the social graph."

We asked Eran Hammer-Lahav, an Open Web advocate for Yahoo, about the feature, and he told us that it had been in some form of discussion for over two years and would provide a better user experience for Yahoo's users.

"We don't try to lock our users in any way," said Hammer-Lahav. "We want them to have a better Web experience no matter what site they are on, just by being a Yahoo user. Yahoo is not in the business of locking users to only use its services, especially when the Web is getting so much more distributed and social."

Hammer-Lahav told us that Yahoo believes its mail product is strong enough to keep users happy (and loyal), as evidenced by when Yahoo was one of the first email providers to provide address book mobility. When we asked if Yahoo would be offering the same sort of feature, he explained that there weren't many Yahoo products that required email sign-ins, but the company is adding OpenID support for activities like adding comments, which do require full account sign-ins. In this case, Google added this functionality, he explained, because Yahoo email account holders make up a large percentage of the email market and those trying to create Google accounts.

In the end, that may be just it - the simple fact that users will be drawn to Google's growing arsenal of Web tools, from Google Docs to Voice to AdWords, and it's better to keep what business you can rather than have your users abandon your product completely.

The unveiling comes a week after Facebook fired a big shot across the web, staking a claim as the dominant provider of one-click portable identity. These two technologies seem aimed right at each other and engineers at both companies have no doubt been following each others' work closely.

The Mozilla technology is called Account Manager and is intended to become an open specification that any other browser can build on top of as well. Supporting browsers will automatically generate and remember diverse, high-strength passwords for users and allow multiple users to switch easily between accounts when visiting common websites on one computer. The interface mock-ups looks really nice, too.

Account Manager is currently available as an experimental plug-in, primarily for developers to test with, but project leaders say they "are looking to ship this feature as soon as possible in Firefox."

Mozilla's Dan Mills says "the final feature will almost certainly not look like this - it's just to give you an idea." But it certainly does look exciting. A feature like this would make new account creation super fast, it would eliminate the need to remember your passwords and it would make it safer to use web apps. That could be just the beginning, too: identity is more than just a username and password. There's no reason why you shouldn't be able to carry all kinds of payload with you (tastes, contact info, etc.) when you navigate the web with your browser.

Hopefully Chrome will institute support for this same code quickly. The browser is a very logical place to transport log-in info. "The browser also has deep knowledge about the user," says Mozilla. "For example, the browser could implement fast user switching with just a click. Or think about picking a username: the browser can look at usernames for other accounts and make some pretty good guesses about what usernames are preferred."

The ability to easily manage multiple identities is big, too. That's something that Facebook doesn't offer, but it's important when it comes to choice, freedom and privacy.

Challenging Facebook

One year ago we wrote that the most viable challenger to Facebook's fast growing domination of the web could be Firefox, not another social network. Firefox had more users at the time (270 million vs Facebook's then 200 million), but Facebook has doubled its user numbers in the last year alone.

Facebook launched a jaw dropping number and scope of new portable identity technologies last week.

Here's what we wrote a year ago about these two companies going head to head.

Why compare user numbers between a browser and a social network? Because there's every reason to believe that the two technologies are converging in the near term future. ...

Though we may not be sure about his prediction that Google will act before Firefox, we think Forrester's Jeremiah Owyang offers a very compelling vision of the future of browsers and social networks in his excellent report The Future of the Social Web.

'... in a bid to extend the reach of its new browser, Chrome, we expect Google to build OpenID and its associated friend connections into the browser; look for Firefox and eventually Internet Explorer to copy this feature. Facebook and MySpace will also likely build a way for users to surf the Web within the Facebook experience, retaining the social functionality. These connections won't be perfect, but they'll allow social networks to colonize communities and other parts of the Web, extending their experience out to other sites through the shared ID. As a result, in two years, portable identities will become a ubiquitous part of the online experience as they reach maturity.'

It's only logical to extrapolate from that analysis that the line between browsers and social networks will become much less clear and the two types of software will very likely compete with each other."

Click here to read the rest of our analysis of things changing about Firefox that point towards its importance in the world of online identity.

Who do you want to carry your identity around the web for you? How about a nice open source browser, built on open standards, supporting multiple identities and strong security? That sounds better to me than putting Facebook in charge. Despite all Facebook does for hundreds of millions of people, putting our entire portable identity into one company's hands is just too dangerous. Of course if it's quick and easy browser-level identity you want, don't forget about the "Facebook browser" called RockMelt that Netscape founder Marc Andreessen is backing and that we broke the news about last Summer. Last we heard, that super stealthy company was still hiring.

Let's see some more competition on the browser level! This time with portable data and a world of web applications at the heart of the battle.

"It might be the only truly free--albeit not the only priceless--object in our collection," Paola Antonelli, Senior Curator, Department of Architecture and Design, wrote this morning. Why add such an artifact to the collection? Antonelli's explanation is quite artful itself. For social web users, though, the meaning of the symbol is more contentious than the Museum has acknowledged. Isn't good art generally the subject of controversy?

Says MoMA:

"The appropriation and reuse of a pre-existing, even ancient symbol--a symbol already available on the keyboard yet vastly underutilized, a ligature meant to resolve a functional issue (excessively long and convoluted programming language) brought on by a revolutionary technological innovation (the Internet)--is by all means an act of design of extraordinary elegance and economy."

Discussion of the @ symbol around the web today has focused on its widespread use in email addresses, but how do you use it most often each day? If you're like us, your use of the symbol on Twitter and Facebook is becoming increasingly common.

That might seem a minor matter, but in fact the changing use of the @ could be a symbol itself for a larger battle over identity on the internet. Twitter and especially Facebook are jostling to become the primary providers of our identities online. When we address each other as @myfriend - these days that's an in-network message that assumes we all use the same identity host. That's very different from myfriend@identityhost.com.

It's about monopoly, competition, innovation, control, freedom and interoperability. @ may be a work of art, but it's also an important point of contention for the future.

See also: Email as Identity: Google Turns on Webfinger and Not Everyone Is Exited About Facebook Vanity URLs

Just when you thought the Identity game was over and Facebook or Twitter had won, now you can welcome 55 million more docomo customers onto the OpenID side of the contest.

Why OpenID is Important

OpenID is an open source and open standards system of Identity that allows users to log-in to any OpenID supporting website with the account they've already created through a trusted identity provider. The system makes it easy for users to start using new sites with just a few clicks, easy for them to take their profile and friend data with them from site to site and easy for websites to offer personalized service immediately, based on the data an OpenID user brings in with them from their cross-service identity provider. Though ease of login has been the primary use to date, identity and payload as web-wide development platform is the long-term promise of OpenID.

It's an intriguing paradigm that has had mixed success to date, limited primarily by design and User Experience challenges. The entry of Japan's largest telco into the OpenID ecosystem could help propel OpenID forward, but many other large companies have gotten as far as offering outbound OpenID and then ceased active engagement with the protocol.

We've got our fingers crossed, though, for the success of a portable identity system that isn't owned by one single provider like Facebook. Facebook's Connect system of identity does offer a good perspective, though, on what's possible in every way but independent ownership.

But how can you have both? I created a spectrum of identity to help understand the different forms that exist on the internet. On one end is Anonymous Identity. Basically you use an account or identifier every time go to a Web site - no persistence, no way to connect the search you did last week with the one you did this week.

This guest post was written by Kaliya Hamlin, also known as Identity Woman, who has been working on cultivating open standards for user-centric identity since 2004. She co-founded, co-produces and facilitates the Internet Identity Workshop, the primary venue for collaboration on identity standards amongst large Internet portals, large enterprise IT companies and small innovators.

Pseudonymous Identity is where over time you use the same account or identifier over and over again at a site. It usually means you don't reveal your common or real name or other information that would make you personally identifiable. You could use the same identifier at multiple sites thus creating a correlation between actions on one site and another.

Self-Asserted Identity is what is typical on the Web today. You are asked to share your name, date of birth, city of residence, mailing address, etc. You fill in forms again and again. You can give "fake" information or true information about yourself - it is up to you.

Verified Identity is when there are claims about you that you have had verified by a third party. So for example if you are an employee of a company, your employer could issue a claim that you were indeed an employee. Or you might have your bank verify for your address.

A Linear Spectrum?

It seems like the two ends of this spectrum can't go together. You can't be anonymous and verify yourself by sharing all of the details on a credential from a government issuer who has asserted they have checked these things are true.

Microsoft demonstrated today how you can achieve anonymity and identity verification together at the same time, giving you verified anonymity. This technology (that relies on some pretty complex cryptography) lets you prove things without giving away too much information about yourself. For example:

• Proving you are over 21 without giving away your actual birth date
• Proving you live in a certain congressional district and are a registered voter but not having to give away your name or address
• Proving you are a kid at a middle school in San Jose without giving away which school or which grade you attend

Two years ago Microsoft surprised a lot of people with the purchase of Stefan Brands' company Credentica and its product U-Prove. It promised to open up the intellectual property and make it available for everyone. Finally, two years later, it is opening it up under the Microsoft Open Specification Promise. If you want to understand the crypto you can watch an hour-long video of Dr. Stefan Brands explaining it .

Microsoft is releasing the reference SDK's in source code (a C# and Java version) under the BSD open source software license. The goal is to enable the broadest audience of commercial and open-software developers to implement the technology in a way they see fit.

At the last Internet Identity Workshop there was a lot of conversation about Active Clients for all identity protocols: OpenID , SAML, WS-*, Information Cards, etc. Active clients support end users - regular people managing their different identities and credentials (like an over-21-verified, but anonymous ID). One way to make them usable is to map the underlying id management tools available online to real world metaphors - like the cards you find in your wallet. Information Cards are digital cards that are selected as one needs them to present online via a selector. The community has developed an open standard for exchanging information in this format in the IMI (Identity Metasystem Interoperability) Technical Committee,and is at OASIS.

Microsoft is releasing more IP under the OSP for the integration of U-Prove technology into "identity sectors" that other companies are developing. This includes the Higgins Project, which has the main open-source information card selectors.

As for its own products, the company is releasing to the public the Community Technology Preview (CTP) of the U-prove technology (as per the crypto spec), with Microsoft's identity platform technologies (Active Directory Federation Services 2.0, Windows identity federation, and Window's CardSpace v2). This video gives you a developer's perspective of the U-Prove technology from the guys who have been building it for years.

The underlying cryptography, open standards used to exchange information, and the client-side tools to support end users will enable more Web services to take advantage of the full range of identities on the spectrum - not just the socially verified ID's that services like Facebook or Twitter provide.

Google began a small beta test of WebFinger in August 2009. Today, Google's Brad Fitzpatrick announced that the company has now enabled WebFinger fall all Google accounts with public profiles.

Making Your Email Address More Useful

You can think of WebFinger as an email-centric cousin of OpenID. While OpenID associates your identity with a URL, WebFinger links your identity to your email address. WebFinger can store metadata about your account and make it publicly accessible. This data can include your public profile data, information about other services that are used by this email address, a URL to your avatar, or - if you choose so - a declaration that this address doesn't have any metadata associated with it. The WebFinger metadata can also point to an alternative identity provider, which can be an OpenID server.

Update: we should note that while webfinger accounts look like email addresses - and often are email addresses - they can also simply point to a webfinger account that isn't actually an email address, too. It could just point to a public profile.

Currently, there are not a lot of user-facing projects that expose this data, but you can find a small demo service written by Google engineer DeWitt Clinton here.

Adding Value to Google Profiles

With Buzz, Google already put a lot of emphasis on Google Profiles and today's announcement increases the value of these profiles even more. It's important to note, though, that WebFinger is an open and free protocol, so any email service and identity provider can implement it. You can find more detailed information about the WebFinger protocol here.

Image Credit: Flickr user purpelslog.

The Open Government Identity Management Solutions Privacy Workshop is being held in Washington DC to draft a process for certifying existing identity providers for low-security government authentication transactions (so-called NIST level 1). If the plans move forward, we may someday be able to log in to government sites using our favorite OpenID-supporting website credentials. Google, AOL, Yahoo or other commercial accounts could become new keys to a consistent experience around the .gov web.

The draft process for selecting approved Trust Framework Providers that will then certify individual identity providers is titled "Trust Framework Provider Adoption Process for Levels of Assurance 1, 2, and non-PKI 3" and is available for download as a PDF.

That draft includes requirements that OpenID or related Info Card identities not be used to authenticate people who are physically present (it's just for remote online access), that they not be used to transmit activity data or anything else beyond what is specifically requested by a government agency and that there be measures taken to continue protecting personal information if the identity provider goes out of business.

Identity providers will be evaluated on factors like an organization's technical implementation of authentication, its reputation and its business stability.

Providers who meet the requirements of the Trust Framework may be chosen to provide low-security authentication for users of government websites.

O'Reilly's Andy Oram posted an in-depth look at some of the issues raised by government support for OpenID last week.

"In considering government adoption," OpenID Foundation board member Chris Messina said of the Framework, "primary among our priorities is the protection of individual privacy while also considering ease of use and convenience. These factors cut to the core of the purpose of Trust Framework and feedback, therefore, is strongly encouraged on the document we've produced so far."

Keep your eyes peeled for an opportunity to comment publicly.

Government validation of federated identity could be a major boost for the ecosystem of the open, distributed web, and thus for innovation online. We hope the people making these plans can get it right and that the relevant government agencies can garner sufficient public support.