Here’s a principle that I think the internet identity community needs to come to grips with. Sites are going to talk about users behind their backs. They are going to exchange information about users without the users’ explicit permission. While strictly speaking the user’s permission for these exchanges may have been acquired, the user will not fully comprehend that he gave permission.
In any case I think it is dangerously naive to attempt to design systems that take as their primary goal minimizing the amount of information about users that flows between the sites. Not because it wouldn’t be wonderful to minimize those flows but because those flows take place already and they are not about to stop.
For example, all the advertising networks (e.g. DoubleClick, Google, etc.) collect tremendous amounts of information about users. Should we presume they don’t sell that information back to sites in one form or another? The catalog, financial, medical, and insurance industries all pool customer data in ways that are analogous to what the advertising networks are doing. Should we presume they don’t traffic in that information?
These pools of customer data are the elephant in the room. Some of them are held by consortia, like the health records, while the newer ones are held by single firms. What Google knows about me, oh lord! The majority of participants in the internet identity dialog appear to be ignoring that it is the legal responsibility of the owners of this data to milk the maximum value out of them.
So here’s a thought. Maybe we shouldn’t be struggling quite so hard to minimize data flows. Maybe we should be struggling to make the data flows more transparent. If it’s necessary to accept that then it has consequences.
Any standard that is going to be widely adopted by sites must provide sufficient value to pay for the cost of adoption. Today if a site wishes to know more about its users it can do that by paying for that information from the current operators of an existing data pool. Any standard that hopes to displace these dominant players in the internet identity market will have to provide good value for reasonable adoption cost. Designs that emphasize user privacy over other attributes are unlikely to strike the right balance to get the network effect of both user adoption and site adoption to happen.
I’m not sure I entirely like where this line of thinking is going; but I do know where it came from.
In my web logs most incoming visitors’ browsers politely tell me who referred them to me. I got to wondering if I ought to be thanking those nice sites that sent me these nice visitors. Which led to realizing that I have what the autistic b-school types call “a relationship” with those other sites. Let’s call these other sites my partners. When one of these visitors gets referred to me why can’t I discuss him with my partners? Why is there no protocol for that? Me: “Yo, partner, who is this dude?” Partner: “Him? Don’t know much about him, but he’s got an account here; and it says his private information broker is
Of course that conversation appears pretty privacy invading. So sites that want to do that are forced to go through a gossip broker. I.e. their advertising network. Which only leads to extremely strong network effects for one advertising network to dominate the others; because they accumulate a better model of these visitors.
Pretending that these data pooling gossip brokers are not part of the ecology isn’t working to their advantage.
Sounds like a job for OpenID 2, with its capability for profile exchange.