[OpenID] Discouraging "anonymous" OpenID users

Johannes Ernst jernst+openid.net at netmesh.us
Mon Jul 28 04:46:39 UTC 2008 

I think this is the essence of why Facebook thinks they are very  
attractive as an identity provider: the accumulated "social capital"  
around the identities.

On 2008/07/25, at 21:50, SitG Admin wrote:

> One of the risks posed to Consumers is, what's to stop spammers from
> just automating the process of generating URI's (with any of an
> ever-growing list of Providers) that can be used to authenticate as
> "real" people?
>
> Last month I wrote about distinguishing between identities:
> http://openid.net/pipermail/general/2008-June/005025.html
> PGP is okay, but I have a problem with it: the requirement of a User
> ID, usually a 5-character "Real name" as the bare minimum. Isn't the
> public key enough? Forget not using my "Real" name as the unique
> identifier; I shouldn't have to use *any* name. Other people can
> assign me whatever name they wish, at their own discretion, and we
> don't have to worry about conflicts between namespaces. Never mind
> distinguishing between two people named "Shade"; what guarantee do
> people have that EITHER of us is *really* named Shade?
>
> None. But here's the big deal: they also don't CARE.
>
> Think about this for a moment: is your Significant Other in love with
> *you*, or in love with your name? Everything about you, that is
> meaningful to other people - is the *name* really part of this?
>
> Do we really *need* names to know what we like/value in other people,
> or just to keep them separate in our heads? And if that latter is all
> that's needed, all that's left for what we find meaningful *in*
> identity is information *about* someone.
>
> The same sort of information (usually content of some kind) that's
> exchanged in all kinds of social interaction. As this (valued)
> content accumulates under a single identity, we value that source
> even *more* - because, even if we don't know who it is, we can still
> appreciate their contributions.
>
> Even if they suddenly "vanish" (never to be heard from, or seen,
> again), we still have those contributions. We've *received* some
> value - if they turn out to be spammers, just setting up the
> appearances to *seem* like a real person, we *still have that value*.
>
> Think of it as a security deposit against spam - but one where the
> entity making this deposit receives cumulative interest on their
> deposit, which may eventually exceed the amount that they originally
> paid to earn initial "trust". Because that's what this is about:
> trusting people, to be *real* people, by asking them to volunteer
> some original "value" which they can only retain claim to if they
> maintain a consistent identity. They can start over, but it would
> require another deposit.
>
> And the best part of all? The infrastructure for this wouldn't
> require any marketing for adoption, because people are *already*
> rating one another's contributions. We've become *used to* this
> model. In one sense, the infrastructure for this is already here; it
> may need some technical details, but we're already performing
> value-judgements on what we read, and what it means to us.
>
> This is all the introduction anyone should need.
>
> -Shade
>
> Postscript: And yet I can't help but wonder what will happen when I
> begin publishing under the "Claimware" license that I worked out,
> several years ago, as an idle foray into driving the RIAA *nuts*:
> anyone may claim to have authored the content, but only if they
> refuse to name any sources they might have acquired it through
> previously, practice a non-assertion covenant of their "rights"
> against others claiming the same content under the Claimware license,
> and include the Claimware license with their copy.
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general

More information about the general mailing list