The Lurker

Latest posts | Archive

posted by ajf on 2007-08-21 at 11:56 pm

I've stumbled across a few blog posts in the last few days criticizing OpenID, which is fair enough. It's not perfect. The biggest credible concern people have raised is that authenticating using OpenID involves your web browser temporarily leaving the site to which you're identifying yourself. They claim this is a "user experience" concern, and I suppose it is (though I suspect that the real concern is that the last decade of web development has taught them that the most important rule of building a web site is "never let them leave your site if you can avoid it"). But many of the other complaints seem to be born of complete ignorance of what OpenID does. I can't, for example, figure out which of these two comments more completely misses the mark: Adrian Sutton's the question of what happens to all your accounts when your OpenID provider disappears is a particularly good one (well, no, it fucking well isn't, because the entire fucking point of OpenID is to avoid tying your identity to either provider or consumer, which means you can shift to a new provider instantly, whenever you want, without having to change your identity or notify any of the sites you use), or this comment by Jeff Greco on Dare Obasanjo's blog (my emphasis) about Thoughts on the Social Graph by LiveJournal founder Brad Fitzpatrick:

That being said, making it easier to find people you already know on new websites is useful. I think one successful form of social network portability we currently see are the e-mail address book scanners that are cropping up everywhere. Through use of this on LinkedIn, I managed to find many people I already knew that I wouldn't have even thought would have made it onto that site. I prefer this type of API usage to any sort of OpenIDesque centralization.

No, wait — this one wins, hands down. (The other guy just didn't understand the thing he was talking about.) I mean, apart from evidently using the word "centralised" to describe interoperability (tonight I feel like attributing this sort of thing to stupidity rather than malice), he thinks that a plausible approach to unifying contact information across social networking sites is a worse idea than what he calls "API usage".

Except, you know what? It's not anything like "API usage". What he's talking about is how (as Brad mentions in an aside) some web sites encourage people to identify contacts by providing access to their webmail address books. And when I say "providing access to their webmail address books", that means, to quote another post from Dare, violating the terms of use of various email providers by screen scraping user address books and contact lists after collecting their log-in credentials. I'm all but speechless. I don't know where to begin. Teaching your user to give out their Gmail username and password to any web site that asks for it is completely fucking irresponsible. There is absolutely no excuse for that. It's hard enough to teach people how to avoid phishing attacks without creating useful web services that work exactly the same way.

(The best comment on that post, incidentally, is this one: I still can't believe that you listen to Timbaland. He's named after footwear for Christ's sake.)

Honourable mention goes to Dare himself for I've seen what it takes to build a system like this first hand and Brad & company have their work cut out for them.. A lot of people commenting on Brad's essay seem to underestimate the guy like this. It's like they've forgotten that he created LiveJournal.

Yet they're asking if he really understands how people use their friends lists, when his site invented the term "friends list". They're asking whether he's considered the impact of private data on his proposal when (aside from the fact that he explicitly addressed excluding private data) he wrote one of first blogging applications (if not the very first) that let the blogger control exactly which users are allowed to see which posts. And they're questioning whether the guy who built the world's first and most successful Harry Potter slashfic distribution network can make this stuff accessible to the general public.

Let me repeat that: he created LiveJournal.

You know... that site which, starting in 1999 (translation: "before everybody except Dave Winer"), pioneered just about every single defining fucking characteristic of whatever it is we're currently calling what was known as "social software" this time last year? Yeah, that LiveJournal. That Brad Fitzpatrick. For fuck's sake, people.

Related topics: Rants Web Mindless Link Propagation

All timestamps are Melbourne time.