twopointouch

…is Who 2.0. That’s according to an interview with Tim O’Reilly, the man who popularised Web 2.0. On Basque news site eitb24, he said that he thinks:

…certain kinds of databases are going to become really big and really useful. We are just in the early stages, digital identity doesn’t really work yet. But that will, you know, start to coalesce, where all these different sources of identity will start to be resolved and connect to each other. And we’ll have a rich identity system you could call Who 2.0.

I definitely agree. Think about the amount of information that Yahoo! has about you. It’s got most of my email, my address book, my pictures and my bookmarks. Google has got my search history, some more of my email and pictures, my RSS feeds, my calendar and another address book. Both know about this blog, and know it’s connected to all that other stuff.

O’Reilly is bullish that this will be empowering: “What web 2.0 teaches is that we’re using people to make computers smarter.” A web that knows what you like, what you probably want to do next, and the information that is relevant to you. Larry Page once said: “The ultimate search engine… would understand exactly what you mean and give back exactly what you want.” It’s going to need to know a lot about you in order to do that. A move towards single-sign on, whereby your web identity across Yahoo!, Google, Amazon, e-Bay and the rest remains the same, will help to facilitate this ‘rich identity’.

It’s also quite worrying to a lot of people, though. If your Firefox password manager - the single sign-on we have today - turned out to be flawed (gulp) then that’s quite a big portion of your life on show, and abusable. Think about the explosion of identity ’services’: Garlik, Reputation Defender, OpenID, ClaimID, SAML and OSIS, to name but a few. Identity Theft is already rife - 4% of us suffered it this year alone. Probably a lot of people aren’t yet aware of how much information about them is openly available on the web. As internet use matures, they’ll become more aware, and there will be greater outcry against incursions into our privacy.

The trouble is that we’re moving forward without having cracked the basic problems around security. Password-based systems suffer from user laziness, get hacked or the information given away for free. Smartcards and the like get stolen, forgotten or lost. Public/Private key programs are too complex for most users. Biometric systems are expensive, not universally available and are also said to be ‘too secure’ - once someone figures out how to fake your fingerprints, for example, how will you ever get your identity back? Combinations of these techniques are more secure, sure, but since their ingredients are vulnerable, they’re ultimately vulnerable too. I’m no expert on this matter, but I’m well-aware that there’s considerable unease about the inability of machines to tell if it’s really you.

And that’s why Who 2.0 is going to be such a hot potato. On the one hand we’ve got people like O’Reilly, the top brains at Google and the like trying to make the web do more. To make it work more intelligently according to what sort of person you are, what your interests are and the context. On the other, web users are thinking ‘hang on, how did you know I wanted that? I’m not comfortable with this.’

Online privacy and reputation is going to be big business over the next few years. The last couple of weeks have seen the beta launch of both London’s Garlik and US-based Reputation Defender. Both of these subscription services offer to scour the web for you, find every trace of your name and optionally attempt to delete it by contacting the service providers responsible for its storage. (Reputation Defender also offers a service allowing you to spy on your child, which is another matter entirely).

According to a study by counsellors at Purdue University, “1/3 of employers screen job candidates using search engines like Google, Yahoo!, and MSN. 11.5 percent look through social-networking sites like MySpace, Facebook, and Xanga for the profiles of job candidates.” This practice is only going to increase as employers become more aware of how much information can actually be obtained online. As digital natives move from trainsurfing to applying for accountancy degrees, the detritus of their online past could become quite harmful.

But thoroughly respectable adults also have reason to be concerned. Garlik’s co-founder Tom Ilube told me of his surprise at finding floorplans of his house on his local council’s website following an application for permission to build an extension. Nothing to hide there, but do you really want that sort of thing to be in the public domain without your permission? According to Ilube, the time is right for a mass-market privacy service as the general public start to become aware of just how much data about them is being stored online. The growing problem of identity theft - more than 100,000 britons were affected last year according to Garlik, at a cost of £1.7bn - is also addressed by the service.

It will be interesting to see how successful they are at actually delivering what they promise. After reading of people’s difficulties in simply having negative or incorrect Wikipedia profiles deleted, I have to be a little sceptical.