The Next Next Big Thing
…is Who 2.0. That’s according to an interview with Tim O’Reilly, the man who popularised Web 2.0. On Basque news site eitb24, he said that he thinks:
…certain kinds of databases are going to become really big and really useful. We are just in the early stages, digital identity doesn’t really work yet. But that will, you know, start to coalesce, where all these different sources of identity will start to be resolved and connect to each other. And we’ll have a rich identity system you could call Who 2.0.
I definitely agree. Think about the amount of information that Yahoo! has about you. It’s got most of my email, my address book, my pictures and my bookmarks. Google has got my search history, some more of my email and pictures, my RSS feeds, my calendar and another address book. Both know about this blog, and know it’s connected to all that other stuff.
O’Reilly is bullish that this will be empowering: “What web 2.0 teaches is that we’re using people to make computers smarter.” A web that knows what you like, what you probably want to do next, and the information that is relevant to you. Larry Page once said: “The ultimate search engine… would understand exactly what you mean and give back exactly what you want.” It’s going to need to know a lot about you in order to do that. A move towards single-sign on, whereby your web identity across Yahoo!, Google, Amazon, e-Bay and the rest remains the same, will help to facilitate this ‘rich identity’.
It’s also quite worrying to a lot of people, though. If your Firefox password manager - the single sign-on we have today - turned out to be flawed (gulp) then that’s quite a big portion of your life on show, and abusable. Think about the explosion of identity ’services’: Garlik, Reputation Defender, OpenID, ClaimID, SAML and OSIS, to name but a few. Identity Theft is already rife - 4% of us suffered it this year alone. Probably a lot of people aren’t yet aware of how much information about them is openly available on the web. As internet use matures, they’ll become more aware, and there will be greater outcry against incursions into our privacy.
The trouble is that we’re moving forward without having cracked the basic problems around security. Password-based systems suffer from user laziness, get hacked or the information given away for free. Smartcards and the like get stolen, forgotten or lost. Public/Private key programs are too complex for most users. Biometric systems are expensive, not universally available and are also said to be ‘too secure’ - once someone figures out how to fake your fingerprints, for example, how will you ever get your identity back? Combinations of these techniques are more secure, sure, but since their ingredients are vulnerable, they’re ultimately vulnerable too. I’m no expert on this matter, but I’m well-aware that there’s considerable unease about the inability of machines to tell if it’s really you.
And that’s why Who 2.0 is going to be such a hot potato. On the one hand we’ve got people like O’Reilly, the top brains at Google and the like trying to make the web do more. To make it work more intelligently according to what sort of person you are, what your interests are and the context. On the other, web users are thinking ‘hang on, how did you know I wanted that? I’m not comfortable with this.’
