Short answer No – I’m headed to the protest today at Facebook.
A post about the experience will be up here by tomorrow. I’ll be tweeting from my account there which is of course @identitywoman
______
Post from Sept 2014
Mid-July, friend called me up out of the blue and said “we won!”
“We won what” I asked.
“Google just officially changed its policy on Real Names”
He said I had to write a post about it. I agreed but also felt disheartened.
We won but we didn’t it took 3 years before they changed.
They also created a climate online where it was OK and legitimate for service providers to insist on real names.
For those of you not tracking the story – I along with many thousands of people had our Google+ accounts suspended – this posts is an annotated version of all of those.
This was the Google Announcement:
[Read more…] about We "won" the NymWars? did we?
Industry Developments
Nymwars: IRL on Google's Lawns.
We need to bring this struggle to Google IRL (In Real Life – physical, real world, meet space). Here is my thinking on why and my ideas about how.
WHY: Even women with privileged access to Google insiders and who have real name handle combinations are not getting reinstated.
Google+ and my "real" name: Yes, I'm Identity Woman
When Google+ launched, I went with my handle as my last name. This makes a ton of sense to me. If you asked most people what my last name is, they wouldn’t know. It isn’t “common” for me. Many people don’t even seem to know my first name. I can’t tell you how many times I have found myself talking with folks at conferences this past year and seeing ZERO lighbulbs going off when I say my name “Kaliya”, but when I say I have the handle or blog “Identity Woman” they are like “Oh wow! You’re Identity Woman… cool!” with a tone of recognition – because they know my work by that name.
One theory I have about why this works is because it is not obvious how you pronounce my name when you read it. And conversely, it isn’t obvious how you write my name when you hear it. So the handle that is a bit longer but everyone can say spell “Identity Woman” really serves me well professionally. It isn’t like some “easy to say and spell” google guy name like Chris Messina or Joseph Smarr or Eric Sachs or Andrew Nash. I don’t have the privilege of a name like that so I have this way around it.
So today…I get this
I have “violated” community standards when using a name I choose to express my identity – an identity that is known by almost all who meet me. I, until last October, had a business card for 5 years that just had Identity Woman across the top.
Display Name – To help fight spam and prevent fake profiles, use the name your friends, family, or co-workers usually call you. For example, if your full legal name is Charles Jones Jr. but you normally use Chuck Jones or Junior Jones, either of these would be acceptable. Learn more about your name and Google Profiles.
[Read more…] about Google+ and my "real" name: Yes, I'm Identity Woman
The Trouble with Trust, & the case for Accountability Frameworks for NSTIC
There are many definitions of trust, and all people have their own internal perspective on what THEY trust.
As I outline in this next section, there is a lot of meaning packed into the word “trust” and it varies on context and scale. Given that the word trust is found 97 times in the NSTIC document and that the NSTIC governing body is going to be in charge of administering “trust marks” to “trust frameworks” it is important to review its meaning.
I can get behind this statement: There is an emergent property called trust, and if NSTIC is successful, trust on the web would go up, worldwide.
However, the way the word “trust” is used within the NSTIC document, it often includes far to broad a swath of meaning.
When spoken of in every day conversation trust is most often social trust.
[Read more…] about The Trouble with Trust, & the case for Accountability Frameworks for NSTIC
Alignment of Stakeholders around the many NSTIC Goals
The Many Goals for the Identity Ecosystem & NSTIC Governance
The NSTIC governance NOI articulates many key activities, qualities and goals for a governance system for NSTIC. NSTIC must:
- convene a wide variety of stakeholders to facilitate consensus
- administer the process for policy and standards
- development for the Identity Ecosystem Framework in accordance with the Strategy’s Guiding Principles
- maintain the rules of participating in the Identity Ecosystem
- be private sector-led
- be persistent and sustainable
- foster the evolution of the Identity Ecosystem to match the evolution of cyberspace itself.
Achieving these goals will require high-performance collaboration amongst the steering group and all self-identified stakeholder groups. It will also require earning the legitimacy from the public at large and using methods that surface their experience of the Identity Ecosystem Framework as it evolves.
[Read more…] about Alignment of Stakeholders around the many NSTIC Goals
Proactive Development of Shared Language by NSTIC Stakeholders
This is the “punchline section” (in my response it is after what is below…the history of collaboration in the identity community):
Proactive Development of Shared Language by NSTIC Stakeholders
In 2004-5 the Identity Gang (user-centric identity community) was 1/10 the size of the current NSTIC stakeholder community. It took us a year of active grassroots effort to develop enough common language and shared understanding to collaborate. NSTIC doesn’t have 5-10 years to coalesce a community that can collaborate to build the Identity Ecosystem Framework. To succeed, the National Program Office must use processes to bring value and insight while also developing shared language and understanding amongst stakeholders participating.
[Read more…] about Proactive Development of Shared Language by NSTIC Stakeholders
NSTIC Response by Identity Woman
Context for my response to the NSTIC Governance NOI
Table of Contents to Blog Posts of My Response
My Complete Response in PDF form Kaliya-NSTIC-NOI
Introductory Letter of the Response.
Context for my NSTIC NOI response
I surprised myself when writing my response to the NSTIC (National Strategy for Trusted Identities in Cyberspace) Governance NOI (Notice of Inquiry). I wasn’t sure exactly what I was going to say because the questions seemed like they were way ahead of where they should be interms of where things were. I decided to begin by sharing important Context, Frames and Terms that were important before getting to the Questions of Governance and what should be done now.
I began with the word Ecosystem – what it meant and that a system was at the heart of this strategy not something simple or easily actionable.
I touched on the history of the Identity Community and how much conversation and intensive dialogue happened amongst that early community to get to a place where collaboration was natural and “easy”. A huge amount of effort went into developing shared language and understanding then and this is needed once again. The range of self identified stakeholders for NSTIC is quite large (the range of not self identified stakeholders it could be said is everyone on the planet or at least all those with a digital connection (via phone or interent).
I put forward two different methods/tools/processes that could be used to form shared language and understanding across this stakeholder community Polarity Management and Value Network Mapping.
I suggest that the governance structure proposed a “steering group” actually have a mandate to regularly listen to and act on the recommendations of the system that are generated via 3 different well established dialogic processes (Creative Insight Council, World Cafe and Open Space Technology [What we use at IIW]. I then answer the NOI questions referencing the ideas above.
I am going to be posting the whole of my Response in a series of posts and linking them all from there.
I began with one earlier last week which is focused on “trust” both as an emergent property of the overall system AND as the current name of technology and policy/legal frameworks for identity creation.
Links to NSTIC Response Posts:
[Read more…] about NSTIC Response by Identity Woman
Companies in the Personal Data Ecosystem Space
Update: The Personal Data Ecosystem Startup Circle is full of amazing companies.
Today at the Round Table on Do Not Track people were asking me what all the startups in the space are. For expedience a lot of the descriptions are drawn from the companies own websites. We will work on keeping this updated and write better descriptions in the coming week.
[Read more…] about Companies in the Personal Data Ecosystem Space
Authored: National! Identity! Cyberspace! Why we shouldn’t freak out about NSTIC.

This is cross posted on my Fast Company Expert Blog with the same title.
I was very skeptical when I first learned government officials were poking around the identity community to learn from us and work with us. Over the last two and a half years, I have witnessed dozens of dedicated government officials work with the various communities focused on digital identity to really make sure they get it right. Based on what I heard in the announcements Friday at Stanford by Secretary of Commerce Locke and White House Cybersecurity Coordinator Howard Schmidt to put the Program Office in support of NSTIC (National Strategy for Trusted Identities in Cyberspace) within the Department of Commerce. I am optimistic about their efforts and frustrated by the lack of depth and insight displayed in the news cycle with headlines that focus on a few choice phrases to raise hackles about this initiative, like this from CBS News: Obama Eyeing Internet ID for Americans.
I was listening to the announcement with a knowledgeable ear, having spent the last seven years of my life focused on user-centric digital identity. Our main conference Internet Identity Workshop held every 6 months since the fall of 2005 has for a logo the identity dog: an allusion to the famous New Yorker cartoon On the internet, nobody knows you are a dog. To me, this symbolizes the two big threads of our work: 1) maintaining the freedom to be who you want to be on the internet AND 2) having the freedom and ability to share verified information about yourself when you do want to. I believe the intentions of NSTIC align with both of these, and with other core threads of our communities’ efforts: to support identifiers portable from one site to another, to reduce the number of passwords people need, to prevent one centralized identity provider from being the default identity provider for the whole internet, to support verified anonymity (sharing claims about yourself that are verified and true but not giving away “who you are”), support broader diffusion of strong authentication technologies (USB tokens, one-time passwords on cellphones, or smart cards), and mutual authentication, allowing users to see more closely that the site they are intending to do business with is actually that site.
Looking at use cases that government agencies need to solve is the best way to to understand why the government is working with the private sector to catalyze an “Identity Ecosystem”.
The National Institutes of Health is a massive granting institution handing out billions of dollars a year in funding. In the process of doing so, it interacts with 100,000’s of people and does many of those interactions online. Many of those people are based at institutions of higher learning. These professors, researchers, post-docs and graduate students all have identifiers that are issued to them by the institutions they are affiliated with. NIH does not want to have the expense of checking their credentials, verifying their accuracy and enrolling them into its system of accounts, and issuing them an NIH identifier so they can access its systems. It wants to leverage the existing identity infrastructure, to just trust their existing institutional affiliation and let them into their systems. In the United States, higher educational institutions have created a federation (a legal and technical framework) to accept credentials from other institutions. The NIH is partnering with the InCommon Federation to be able to accept, and with that acceptance to trust, identities from its member institutions and thus reduce the cost and expense of managing identities, instead focusing on its real work: helping improve the health of the nation through research.
The NIH also has a vast library of research and information it shares with the general public via the internet. Government sites are prohibited from using cookie technology (putting a unique number in your browser cookie store to remember who you are) and this is a challenge because cookies are part of what helps make Web 2.o interactive experiences. So say that your mom just was diagnosed with breast cancer and you want to do a bunch of in-depth research on breast cancer treatment studies. You go to the NIH and do some research on it, but it really requires more then one sitting, so if you close your browser and come back tomorrow, they don’t have a way to help you get back to the place you were.
The NIH doesn’t want to use a cookie and doesn’t want to know who you are. They would like to be helpful and support your being able to use their library over time, months and years, in a way that serves you, which means you don’t have to start from scratch each time you come to their website. It was fascinating to learn about the great lengths to which government officials were going to adopt existing standards and versions of those standards that didn’t link users of the same account across government websites (see my earlier post on Fast Company). They proactively DID NOT want to know who users of their library were.
One more use case from the NIH involves verified identities from the public. The NIH wants to enroll patients in ongoing clinical trials. It needs to actually know something about these people – to have claims about them verified, what kind of cancer do they have, where are they being treated and by whom, where do they live, etc. It wants to be able to accept claims issued by third parties about the people applying to be part of studies. It does not want to be in the business of verifying all these facts, which would be very time consuming and expensive. It wants to leverage the existing identity infrastructures in the private sector that people interact with all the time in daily life, and accept claims issued by banks, data aggregators, utility companies, employers, hospitals etc.
These three different kinds of use cases are similar to others across different agencies, and those agencies have worked to coordinate efforts through ICAM which was founded in September 2008 (Identity, Credential and Access Management Subcommittee of the Information Security & Identity Management Committee established by the Federal CIO Council). They have made great efforts to work with existing ongoing efforts and work towards interoperability and adopting existing and emerging technical standards developed in established industry bodies.
Let’s continue exploring what an identity ecosystem that really works could mean. The IRS and the Social Security Administration would each like to be able to let each person it has an account for login and interact with it online. We as those account holders would like to do this – it would be more convenient for us – but we want to know that ONLY we can get access to our records, that that they won’t show our record to someone else.
So let’s think about how one might be able to solve this problem.
One option is that each agency that interacts with anywhere from thousands to millions of citizens issues their own access credentials to the population it serves. This is just a massively expensive proposition. With citizens interacting with lots of agencies, they would need to manage and keep straight different IDs from different agencies. This is untenable from a end-user perspective and very expensive for the agencies.
Another option is that the government issues one digital ID card to everyone ,and this one ID could be used at a bunch of different agencies that one might interact with. This is privacy-invasive and not a viable solution politically. No one I have ever talked to in government wants this.
So how to solve this challenge – how to let citizens login to government sites that contain sensitive personal information – whether it be tax records, student loan records, Department of Agriculture subsidies, or any other manner of government services, and be sure that it really is the person via an Identity Ecosystem.
Secretary Locke’s Remarks: The president’s goal is to enable an Identity Ecosystem where Internet users can use strong, interoperable credentials from public and private service providers to authenticate themselves online for various transactions.
What does a private sector service provider use case look like in this ecosystem?
When we open accounts, they are required to check our credentials and verify our identities under know-your-customer laws. People have bank accounts and use them for many years. They know something about us because of their persistent ongoing relationship with us: storing our money. Banks could, in this emerging identity ecosystem, issue their account holders digital identity credentials that would be accepted by the IRS to let them see their tax records.
The private sector, for its own purposes, does a lot to verify the identities of people, because it has to do transactions with them that include everything from opening a bank account, to loaning money for a house, to setting up a phone or cable line, to getting a mobile phone, to a background check before hiring. All of these are potential issuers of identity credentials that might be accepted by government agencies if appropriate levels of assurance are met.
What does is a public service provider look like in this ecosystem?
The Federal Government does identity vetting and verification for its employees. Homeland Security Presidential Directive 12 (HSPD-12), Policy for a Common Identification Standard for Federal Employees and Contractors directs the implementation of a new standardized identity badge designed to enhance security, reduce identity fraud, and protect personal privacy. To date, it has issued these cards to over 4 million employees and contractors.
These government employees should in this emerging ecosystem be able to use this government-issued credential if they need to verify their identities to commercial entities when they want to do business with in the private sector.
There is a wide diversity of use cases and needs to verify identity transactions in cyberspace across the public and private sectors. All those covering this emerging effort would do well to stop just reacting to the words “National” “Identity” and “Cyberspace” being in the title of the strategy document but instead to actually talk to the the agencies to to understand real challenges they are working to address, along with the people in the private sector and civil society that have been consulted over many years and are advising the government on how to do this right.
I am optimistic that forthcoming National Strategy and Program Office for Trusted Identities in Cyberspace will help diverse identity ecosystem come into being one that reduce costs (for governments and the private sector) along with increasing trust and overall help to make the internet a better place.
[Read more…] about Authored: National! Identity! Cyberspace! Why we shouldn’t freak out about NSTIC.The Emerging Personal Data Ecosystem
This week I am heading to Telco 2.0 because the conversations with telco’s about how they participate in the Personal Data Ecosystem are moving forward in interesting ways. IIW #10 had several long sessions about the topic. IIW-East was full with each of the 8 time slots having a session about different aspects and IIW-Europe October 11th coincided with the announcement of the first community prototype personal data stores by MyDex.
Learning from one of the mistakes of the past – market confusion inhibiting understanding and adoption of user centric identity technologies. The Personal Data Ecosystem is going to be a “front door” for those seeking to understand the ecosystem overall with a simple message and clear picture of what is happening. It will also connect people to the community working on the aspect of the ecosystem relevant to them. Our focus is on developing the core communities needed for success and fostring communication amongst them. These communities include end users, large personal data service providers, companies providing data to personal data services, developers and startups leveraging this new ecosystem, regulators and advocacy groups along with the legal community and their efforts to create the legal frameworks needed to really protect people.
We arleady have a number of projects working on key aspects around the ecosystem and we will support their success linking them together – Project VRM, ID-Legal, Project Nori, Higgins-Project, Project Danube, XDI.org and IIW (they are linked at the bottom of the Personal Data Ecosystem site), This is a big tent ANY OTHER projects that are related are welcome. We don’t need another dot org to link efforts togethers so PDE is going to be chartered as part of IC3 (Identity Commons).
Right now the Personal Data Ecosystem site is aggregating content from blogs of those covering and building in the space. This week we will be doing our first Podcast covering this emerging industry – Aldo Casteneda who you may remember from The Story of Digital Identity will be hosting it with me.
Next week we will be able to collect links submitted via delicious for the blog. I am working with the fabulous Sarah Dopp on website strategy and online community development and Van Riper is working with me on community management.
IIW coming up in a week is going to be a core community gathering for emerging developments.
Internet Identity Workshop Fall – 3 events
The Tenth Internet Identity Workshop in May, 2010 was the largest ever. We have had inquiries from community members on the East Coast of the US and in Europe have been lobbying us to bring the event to their locations. We are happy to confirm that we are going host IIW’s in Washington, DC and London.
WE NEED YOUR HELP! Please take some action if you like IIW and are reading this. IIW is been about the community that attends and participates year round in the activities of groups that use the event to get real work done and move the industry and vision of user-centric identity that works for people forward.
So with these events upcoming Phil, Doc and I need your help in spreading the word to your collegues on the East Coast and in Europe who would enjoy the event.
To help you do this we have several tools and options.
Blog badges for specific events. (These are two of them their are more on the wiki)
For IIW-East September 9-10 in Washington DC
- A Venue! the Josephine Butler Parks Center (a 10min walk from the Columbia Heights Metro)
- an Invitation up online
- Registration is up here and Early Bird ends August 6th.
- an invitation designed to be send via e-mail
- RSVP on Social Networks – LinkedIN, Upcoming, Facebook
For IIW-Europe, October 11 in London we have
- A still being developed invitation up on the IIW site
- Registration is live Early bird ticket sales end August 31
- RSVP on Social Networks: LinkedIN, Upcoming, Facebook
- Twitter List (it will be a bit small until we have more registrations)
For IIW #11 in Mountain View, November 9-11
- We have a simple invitation up online
- Registration is live Super Early bird ticket sales end August 31
If you value IIW and the conversations that happen there please take some initiative and reach out to colleagues to spread the word about these events. Because of the community focus of the events we rely strongly on community word of mouth to let people know about them.
It would be great to have community ideas put forward for the main IIW invitation articulating the current foci of conversations.
IIWX Internet Identity Workshop 10, Introductory Talk
I gave this talk at the 10th Internet Identity workshop reviewing the shared history, language, understanding and work we have done together over the last 6 years of community life.
Part of this presentation touched on a timeline of events in the community. Those and more are reflected on this timeline that is beginning to be developed here. IIW11 will be November 9-11 in Mountain View, CA The first ever IIW outside the Bay Area will be happening September 9-10 in Washington DC following the Gov 2.0 Summit with the theme Open Identity for Open Government. The first IIW in Europe will be happening in London likely October 9-10 (dates still to be confirmed) prior to RSA Europe. If you would like to know about when the next IIWs have registration open please join this announce list. TheIdentity Gang is the community mailing list where conversations are ongoing about identity. You can follow modest updates about IIW on twitter via our handle – @idworkshop You can see IIW 10 attendees on our registration page.
Chris Messina at Google – Good for him, Google & The Identity/Social Web Community.
I was one of the first people to congratulate Chris Messina on his blog when he announced he was going to Google. It was a personal congratulations. I wasn’t sure if it was good overall for the open web vision or the community as a whole. In the end after thinking about it for a few days I feel it is a good move for them, for Google and for the community. The rest of this post explains why.
With Chris going to Google it gives them three seats on the OpenID board (Joseph and Chris are both community board members and Google has a corporate paying board member seat filled by Eric Sachs). It concentrates a lot of power at Google and I agree with Eran’s concerns from Marshall’s RWW/NYTimes article …why be “open” if you can just have an internal product meeting with Brad Fitzpatrick and a few other Googlers and “ship” a product without reaching out to others. I agree with the concern and I think there will be enough eyes on these individuals in particular and Google in particular to challenge them if they do that.
Thursday morning I sat at “geek breakfast” in Berkeley with a friend discussing Chris and Joseph’s move to Google. We mused about how many people we knew who “get social” have been at Google and because “Google didn’t get social” they were unhappy so they left, Kevin Marks being just the latest example leaving in the fall for British Telecom/Ribbit where he works for JP Rangaswami, the CIO who really gets open.
Given this, if “just” Joseph Smarr was going to Google he would be more “alone” trying to “do social right” at Google. Yes, he would have allies but no one quite as high profile as himself. With Chris Messina there too, there are now two major committed community leaders who can work the politics involved in helping Google to “get” social and actually do it right. If anyone has a hope inside that big company it is those two and I don’t think either could be as effective alone.
If Chris and Joseph fail, that is if they get frustrated and leave (which they can at any time they want cause they are very “employable” because of their profiles by a whole range of companies in the valley) then is a sign that Google doesn’t really “get” social and isn’t moving in the right direction in terms of supporting the emergence of an open standards based, individually empowering & social web.
With Zuckerberg’s statement’s about privacy and the recent actions by Facebook to make user-information public, Google has a huge opportunity to live up to its slogan of “not doing evil”. Over the fall Google made some promising statements on the meaning of open and took action spinning up the Data Liberation Front.
I know many people who currently are and have been at Google. All of them talk about how secure things are internally – it is not possible to go into their systems and “look up a user” and poke around at what they have in their e-mail, or what they have searched on or what is in their google docs. Algorithms look at people’s stuff there, not people. Google takes their brand and reputation for protecting people’s private information seriously. I am not particularly starry eyed about Google thinking they can do no evil – they are just a company driven by the need to make a profit. I worry that they might be becoming too dominant in some aspects of the web and that there are legitimate concerns about the monopoly power they have in certain market area.
I don’t see this as a Google vs. Facebook fight either. Chris, Brad, Eric, Joseph are all at Google & David Recordon and Luke at Facebook; they are all good friends socially and are just six people in the overall identity community made up of about 1000 people at 100’s of companies. Yahoo!, AOL, Microsoft (enterprise & MSN side), are all involved along with PayPal, Amazon, BT, Orange, Mozilla, Sun, Equifax, Apple, Axiom, Oracle, & many many more. They all come together twice a year at the Internet Identity Workshops and other events to collaborate on innovating open standards for identity on the social web.
I invite those who want to participate in the dialogue to consider attending the 10th Internet Identity Worskshop May 18-20.
I take the health of the identity community, its over all tone and balance quite seriously. I helped foster it from the beginning really starring in March of 2004 including 9 months from June of that year until January 2005 it was my first major job – evangelizing user-centric identity and growing the community to tackle solving this enormous problem (an identity and social layer of the web for people). I along with others like Doc Searls, Phil Windley, Drummond Reed, Bill Washburn, Mary Ruddy, Mary Rundle, Paul Trevithick, Dick Hardt, Eugene Kim & many others formed the identity community. Having put my heart, soul, sweat and tears into this community and working towards good results for people & the web, I don’t say what I say in this post lightly.
The Age of Privacy is Over????
ReadWriteWeb has coverage of Zuckerberg’s talk with Arrington at the Crunchies. According to him, the age of Privacy is Over. This is the quote that is just STUNNING:
..we decided that these would be the social norms now and we just went for it.
When I first heard it in the interview in the video I did a major double take – “we decided” ?? seriously? The we in that sentence is Facebook and clearly with Zuckerburg is at the helm – He could have said “I decided” and he as the CEO of a social network has the power to “decide” the fate of the privately shared amongst friends in the context of this particular social network for millions of people (see my post about the privacy move violating the contract with users). It makes you wonder if this one platform has too much power and in this example makes the case for a distributed social network where people have their own autonomy to share their information on their own terms and not trust that the company running a platform will not expose their information.
It is clear that Zuckerberg and his team don’t get social norms and how they work – people create social norms with their usage and practices in social space (both online and off).
It is “possible” to change what is available publicly and there for making it normal by flipping a switch and making things that were private public for millions of people, but it is unethical and undermines the trust people have in the network.
I will agree there is an emerging norm that young men working building tools in Silicon Valley have a social norm of “being public about everything”, but they are not everyone. I am looking forward to seeing social tools developed by women and actual community organizers rather then just techno geeks.
I will have more to say on this later this week – I was quite busy Saturday – I ran the Community Leadership Summit, yesterday I flew to DC and today I am running the Open Government Directive Workshop. While I am here I hope to meet with folks about Identity in DC over the next 2 days.
Demand for Web 2.0 suicides increasing
I went to the suidicemachine and got this message
We apologize to all our users for the breakdown of our service! Within the last hours the huge demand for 2.0 suicides completely overblew our bandwidth resources!
We are currently considering relocating to another serverfarm. Please consider suicide at a later moment and accept our apologies!
You can still try to catch a free slot, but chances are quiet low at the moment!
More from their site….
Faster, Safer, Smarter, Better Tired of your Social Network?
Liberate your newbie friends with a Web2.0 suicide! This machine lets you delete all your energy sucking social-networking profiles, kill your fake virtual friends, and completely do away with your Web2.0 alterego. The machine is just a metaphor for the website which moddr_ is hosting; the belly of the beast where the web2.0 suicide scripts are maintained. Our services currently runs with facebook.com, myspace.com and LinkedIn.com! Commit NOW!
You can even see video’s about what happens as one uses the machine.
ok the FAQ’s get eve better…..
I always get the message “Sorry, Machine is currently busy with killing someone else?”. What does this mean?
Our server can only handle a certain amount of suicide scripts running at the same time. Please consider your suicide attempt at a later moment! We are very sorry for the inconvenience and working on expanding our resources.If I kill my online friends, does it mean they’re also dead in real life?
No!What do I need to commit suicide with the Web 2.0 Suicide Machine?
A standard webbrowser with Adobe flashplugin and javascript enabled. So, it runs on Windows, Linux and Mac with most of browsers available.I can’t see my friends being killed, what happened?
Probably your flash-plugin is older than version 10? But yikes – you cannot stop the process anymore! Once you entered the login details, the machine is running the suicide script.If I start killing my 2.0-self, can I stop the process?
No!If I start killing my 2.0-self, can YOU stop the process?
No!What shall I do after I’ve killed myself with the web2.0 suicide machine?
Try calling some friends, talk a walk in a park or buy a bottle of wine and start enjoying your real life again. Some Social Suiciders reported that their life has improved by an approximate average of 25%. Don’t worry, if you feel empty right after you committed suicide. This is a normal reaction which will slowly fade away within the first 24-72 hours.Do you store any data on your webserver, like password of the user?
We don’t store your password on our server! Seriously, it goes directly into /dev/null, which is equal to nirvana! We only save your profile picture, your name and your last words! Will the 2.0 suicide machine be available for other networks such as twitter and plaxo? We are currently working on improving our products!. Currently we are working on Flickr and Hyves, but of course we are eagerly thinking of ways to get rid of our “Google Lifes”.How does it work technically?
The machine consists of a tweaked Linux server running apache2 with python module. Selenium RC Control is used to automatically launch and kill browser sessions. This all driven by a single python/cgi script with some additional self-written libraries. ?Each user can watch her suicide action in real-time via a VNC remote desktop session, displayed on our website via an flash applet rendered live into the client’s webbrowser. We are also running some customized bash scripts plus MySQL in the background for logging and debugging, jquery for the website and a modified version of the great FlashlightVNC application built in Flex. Web2.0 Suicide Machine consists of roughly 1800 lines of self-written code.Why do we think the web2.0 suicide machine is not unethical?
Everyone should have the right to disconnect. Seamless connectivity and rich social experience offered by web2.0 companies are the very antithesis of human freedom. Users are entraped in a high resolution panoptic prison without walls, accessible from anywhere in the world. We do have an healthy amount of paranoia to think that everyone should have the right to quit her 2.0-ified life by the help of automatized machines. Facebook and Co. are going to hold all your informations and pictures on their servers forever! We still hope that by removing your contact details and friend connections your data is being cached out from their servers. This can happen after days, weeks, months or even years. Just deactivating the account is thus not enough! [emphasis mine]How much does it cost to kill myself?
Usage of Web 2.0 Suicide machine is for free.Can I build my own suicide machine?
Theoretically yes! You’ll need a Linux WebServer (apache2) with perl and python modules (php should be installed as well). Further, you’ll need VNC-server and Java packages by Sun to launch selenium-remote applets. If you feel like contributing or setting up your own machine, please get in contact with us via email.
Facebook Privacy Changes leave us "Socially Nude"
Read Write Web published a guest post by me about how the changes at facebook last week leave us Socially Nude.
Facebook’s Privacy Move Violates Contract With Users
Your name, profile picture, gender, current city, networks, Friends List, and all the pages you subscribe to are now publicly available information on Facebook. This means everyone on the web can see it; it is searchable.
This represents just the latest instance of Facebook violating the contract it holds with its users. This is no small matter, either. Lots of people will have very real and valid objections to this arbitrary change to what’s public and what’s private on Facebook.
….an articulation of the nature of the social contract sites with social features have with users….
I wonder how many more times they will get strip us down, leaving our familiar social clothes and underware on the floor, and leaving us socially nude.
I think it is unethical and I agree with the concern that Jason Calacanis raises about how this will affect other Internet companies. “Facebook’s reckless behavior is… simultaneously making users distrust the Internet and bringing the attention of regulators.” This change will affect all of us working on building the new techno-social architecture of our society via the web.
FastCo Post on Governemnt Experiments with Identity Technologies
This is cross posted on Fast Company.
The Obama administration open government memorandum called for transparency participation, collaboration and federal agencies have begun to embrace Web 2.0 technologies like blogs, surveys, social networks, and video casts. Today there are over 500 government Web sites and about 1/3 of them require a user name and password. Users need to be able to register and save information and preferences on government Web sites the same way they do today with their favorite consumer sites, but without revealing any personally identifiable information to the government.
Yesterday the United States Government in collaboration with industry announced a few pilot projects using emerging open identity technologies for citizens to use when interacting with government sites. I use the word interacting very deliberately because the government doesn’t want to know “who you are” and has gone great lengths to develop their implementations to prevent citizens from revealing personally identifiable information (name, date of birth etc).
How would you use this?–well imagine you are doing an in depth search on an NIH (National Institute of Health) Web site–and you went back to the site many times over several months. Wouldn’t it be great if the site could “know” it was you and help you resume your search where you left off the last time. Not your name and where you live but just that you were there before.
The Identity Spectrum helps us to understand how it all fits together.
Anonymous Identity is on one end of the identity spectrum–basically you use an account or identifier every time go to a Web site–no persistence, no way to connect the search you did last week with the one you did this week.
Pseudonymous Identity is where over time you use the same account or identifier over and over again at a site. It usually means you don’t reveal your common/real name or other information that would make you personally identifiable. You could use the same identifier at multiple sites thus creating a correlation between actions on one site and another.
Self-Asserted Identity is what is typical on the Web today. You are asked to share your name, date of birth, city of residence, mailing address etc. You fill in forms again and again. You can give “fake” information or true information about yourself–it is up to you.
Verified Identity is when there are claims about you that you have had verified by a third party. So for example if you are an employee of a company your employer could issue a claim that you were indeed an employee. You might have your bank verify for your address. etc.
The government pilot is focused on supporting citizens being able to have pseudonymous identities that function only at one Web site–the same citizen interacting with several different government Web sites needs to use a different identifier at each one so their activities across different government agencies do not have a correlation.
It is likely that some readers of this blog know about and understand typical OpenID. Almost all readers of this blog do have an openID whether they know it or not because almost all the major Web platforms/portals provide them to account holders–MySpace, Google, Yahoo!, AOL etc.
So how does this work with OpenID?
Typically when logging in with OpenID on the consumer Web you share your URL with the site you are logging into–they redirect you to where that is hosted on the Web–you authenticate (tell them your password for that account) and they re-direct you back to the site you were logging in. (see this slide show for a detailed flow of how this works). Using OpenID this way explicitly links your activities across multiple sites. For example when you use it to comment on a blog– it is known your words come from you and are connected to your own blog.
Using the OpenID with Directed identity–de-links your the identifiers used across different sites but still lets you use the same account to login to multiple sites.
When you go to login to a site you are asked to share not “your URL” but just the name of the site where your account is–Yahoo! or Google or MySpace etc. you are re-directed to that site and from within your account a “directed identity” is created–that is a unique ID just for that Web site. Thus you get the convenience of not having to manage multiple accounts with multiple passwords and you get to store preferences that might be shared across multiple ID’s but you don’t have identifiers that correlate–that are linked across the Web.
How does this work with Information Cards?
This is a complementary open standard to OpenID that has some sophisticated features that allow it to support verified identities along with pseudonymous & self asserted identities. It involves a client-side piece of software called a selector–which selector helps you manage your different identifiers using a card based metaphor, with each digital “card” representing a different one. Citizens can create their own cards OR get them from third parties that validate things about them.
The government is creating a privacy protecting “card profile” to be used in the pilot program. It is NOT issuing identities.
Trust Framework are needed to get it all to work together.
From the press release yesterday:
“It’s good to see government taking a leadership role in moving identity technology forward. It’s also good to see government working with experts from private sector and especially with the Information Card Foundation and the OpenID Foundation because identity is not a technical phenomenon–it’s a social phenomenon. And technological support for identity requires the participation of a broad community and of representatives of government who define the legal framework within which identity will operate,” said Bob Blakley, Vice President and Research Director, Identity and Privacy Strategies, Burton Group. “Today’s announcement supplies the most important missing ingredient of the open identity infrastructure, mainly the trust framework. Without a trust framework it’s impossible to know whether a received identity is reliable.”
The OpenID Foundation and Information Card Foundation wrote a joint white paper to describe how they are working on developing this. From the abstract:
[They] are working with the U.S. General Services Administration to create open trust frameworks for their respective communities.
These frameworks, based on the model developed by the InCommon federation for higher education institutions, will enable government Web sites to accept identity credentials from academic, non-profit, and commercial identity providers that meet government standards. These standards are critical as they represent the government’s resolution of the challenging and often competing issues of identity, security, and privacy assurance. Open trust frameworks not only pave the way for greater citizen involvement in government, but can enable even stronger security and privacy protections than those typically available offline.
These are all exciting developments but there is much more to do.
Looking (far) ahead there may be the opportunity to do selective disclosure–combining anonymity with verified identity.
How do these go together–you can take a verified identity claim say your birth date then using cryptography strip the specifics away and just have a claim that says you are “over 21”. Then using an anonymous identifier you have selectively disclosed your age without giving away your date of birth.
You could imagine this would be handy for citizens wanting to communicate their opinions to their member of congress without revealing their actual name and address – they could “prove” using a verified claim they live in the district but not reveal who they are. This aspect of what is possible with the technology is VERY forward looking and will take many years to get there. There is enormous potential to evolve the Web with this emerging identity layer.
I would like to invite all of you interested in being involved/learning more to attend the Internet Identity Workshop in Mountain View California November 3-5. I have been facilitating this event since its inception in 2005. It is truly amazing to see how far things have progressed from when we were 75 idealistic technologist talking about big ideas. at the Hillside Club in Berkeley. It is also some what daunting to think about how much farther we have to go.
Open Identity for Open Government Explained
Today the United States Government with digital identity industry leaders announced the development of a pilot project with NIH and related agencies using two of the open identity technology standards OpenID and Information Cards.
This is, as a friend said to me, a “jump the shark moment” – these technologies are moving out from their technologists technology cave into mainstream adoption by government agencies. We are seeing the convergence of several trends transform the way citizens participate in and communicate with government:
- Top-down support for open government
- The proliferation of social media
- The availability of open identity technologies
The Obama administration open government memorandum called for transparency participation, collaboration and federal agencies have begun to embrace Web 2.0 technologies like blogs, surveys, social networks, and videocasts.
Today there are over 500 government websites and about 1/3 of them require a user name and password. Users need to be able to register and save information and preferences on government websites the same way they do today with their favorite consumer sites, but without revealing any personally identifiable information to the government.
The challenge is that supporting this kind of citizen interaction with government via the web means that identity needs to be solved. On the one hand you can’t just ask citizens to get a new user-name and password for all the websites across dozens of agencies that they log in to. On the other you also can’t have one universal ID that the government issues to you and works across all government sites. Citizens need a way to interact with their government pseudonymously & in the future in verified ways.
So how will these technologies work?
Those already familiar with OpenID know that typically when users login with it they give their own URL – www.openIDprovider.com/username. (see this slideshare of mine if you want to see OpenID 101) There is a little known part of the OpenID protocol called directed identity – that is a user gives the name of their identity provider – Yahoo!, Google, MSN etc – but not their specific identifier. The are re-directed to their IdP and in choosing to create a directed identity they get an identifier that is unique to the site they are logging into. It will be used by them again and again for that site but is not correlatable across different websites / government agencies. The good news is it is like having a different user-name across all these sites but since the user is using the same IdP with different identifiers (unlinked publicly) but connected to the same account they just have to remember one password.
Information Cards are the new kids on the identity block in a way – this is their first major “coming out party” – I am enthusiastic bout their potential. It requires a client-side tool called a selector that stores the user’s “digital cards”. Cards can be created by the end user OR third parties like an employer, financial institution, or school can also issue them.
In essence, this initiative will help transform government websites from basic “brochureware” into interactive resources, saving individuals time and increasing their direct involvement in governmental decision making. OpenID and Information Card technologies make such interactive access simple and safe. For example, in the coming months the NIH intends to use OpenID and Information Cards to support a number of services including customized library searches, access to training resources, registration for conferences, and use of medical research wikis, all with strong privacy protections.
Dr. Jack Jones, NIH CIO and Acting Director, CIT, notes, “As a world leader in science and research, NIH is pleased to participate in this next step for promoting collaboration among Assurance Level 1 applications. Initially, the NIH Single Sign-on service will accept credentials as part of an “Open For Testing” phase, with full production expected within the next several weeks. At that time, OpenID credentials will join those currently in use from InCommon, the higher education identity management federation, as external credentials trusted by NIH.” In digital identity systems, certification programs that enable a site — such as a government agency — to trust the identity, security, and privacy assurances from an identity provider are called trust frameworks. The OIDF and ICF have worked closely with the federal government to meet the security, privacy, and reliability requirements set forth by the ICAM Trust Framework Adoption Process (TFAP), published on the IDManagement.gov website. By adopting OpenID and Information Card technologies, government agencies can cost effectively serve their constituencies in a more personalized and user friendly way.
“It’s good to see government taking a leadership role in moving identity technology forward. It’s also good to see government working with experts from private sector and especially with the Information Card Foundation and the OpenID Foundation because identity is not a technical phenomenon — it’s a social phenomenon. And technological support for identity requires the participation of a broad community and of representatives of government who define the legal framework within which identity will operate,” said Bob Blakley, Vice President and Research Director, Identity and Privacy Strategies, Burton Group. “Today’s announcement supplies the most important missing ingredient of the open identity infrastructure, mainly the trust framework. Without a trust framework it’s impossible to know whether a received identity is reliable.”
Under the OIDF and ICF’s open trust frameworks, any organization that meets the technical and operational requirements of the framework will be able to apply for certification as an identity provider (IdP). These IdPs can then supply authentication credentials on behalf of their users. For some activities these credentials will enable the user to be completely anonymous; for others they may require personal information such as name, email address, age, gender, and so on. Open trust frameworks enable citizens to choose the identity technology, identity provider, and credential with which they are most comfortable, while enabling government websites to accept and trust these credentials. This approach leads to better innovation and lower costs for both government and citizens.
The government is looking to leverage industry based credentials that citizens already have to provide a scalable model for identity assurance across a broad range of citizen and business needs – doing this requires a trust framework to assess the trustworthiness of the electronic credentials; see Trust Framework Provider Adoption Process (TFPAP). A Trust Framework Provider is an organization that defines or adopts an online identity trust model involving one or more identity schemes, has it approved by a government or community such as ICAM, and certifies identity providers as compliant with that model. The OIDF and ICF will jointly serve as a TFP operating an Open Trust Framework as defined in their joint white paper, Open Trust Frameworks for Open Government.
Both the OpenID and Information Card Foundation have been working very hard on this for many months – last night I was fortunate to their boards at a history first ever joint dinner.
There are two women in particular though who have driven this forward: Judith Spencer of the Federal Identity, Credential, and Access Management Committee on the government side and Mary Ruddy of Meristic Inc on the industry side. Both of them will be speaking about the project at the Gov 2.0 Summit on Thursday.
Personally this announcement shows how far things have come since I facilitated the first Internet Identity Workshop in 2005 with 75 idealistic identity technologies talking about big ideas for use-centric identity. I am really looking forward to discussing these developments at the forthcoming 9th Internet Identity Workshop in November.
Web Finger! moving out into world
I love the Internet Identity Workshop! it is where innovative ideas are hatched, answers to hard problems are vetted and standards consensus emerges. This is just the latest in amazing collaborations that have emerged.
Web Finger was covered on Tech Crunch today with this headline – Google Points At WebFinger. Your Gmail Address Could Soon Be Your ID.
At IIW in May they had a session lead by John Panzer. The notes were not filled out that much but (All the Notes from IIW)
but there is a white board of their conversation and a link to what google had up.
Chris Messina spliced it together
XRD the discovery protocol is part of how Web Finger works. This spun out of XRI.
Techcrunch didn’t explicitly pick up on the fact that Eran Hammer-Lahev has been a key collaborator and is at Yahoo! (they did link to the mailing list where he is posting). He has been really driving XRD forward lately.
All exciting stuff.
DiSo ideas are not that new.
Reading these:
A Perfect Storm Forming for Distributed Social Networking– Read Write Web
Evolution of Blogging – GigaOm
The Push Button Web – Anil Dash
The inside Out Social Network – Chris Messina
The Future Social Web – Jeremiah Owyang
I realize how incredibly ahead of the times I was along with many of the people I have been working with on open standards identity and social web standards.
I wrote this describing open standards for distributed social networking online in April of 2004f or the Planetwork Conference (from Archive.org) that I was promoting.
———————— From Archive.org April 2004 ——————
In 2003 the Planetwork LinkTank white paper The Augmented Social Network: Building Identity and Trust into the Next-Generation Internet proposed weaving new layers of identity and trust into the fabric of the Internet to facilitate social networking for social good – online citizenship for the information age.
The LinkTank white paper outlined three main objectives:
- Establishing a new kind of persistent online identity that supports the public commons and the values of civil society.
- Enhancing the ability of citizens to form relationships and self-organize around shared interests in communities of practice and engage in democratic governance.
- Creating an Internet-wide system for more efficient and effective knowledge sharing between people across institutional, geographic, and social boundaries.
Currently each site with a login or membership profile is like an island, or at worst a walled castle, as no common inter-operation is possible among large numbers of them. Creating a truly interoperable network will require an explicit social agreement that governs the operation of the trusted network, and implementation of a new software protocol consistent with that agreement.
Identity Commons
[note this is a reference to the “first” Identity Commons – the current Identity Commons shares the values and some of the organizing principles of this first organization but evolved from it]
The Identity Commons is an open distributive membership organization, designed to develop and operate a common digital identity infrastructure standard based on the shared principle of protecting each user’s control of their own identity data. A common identity infrastructure must be embedded within a binding social agreement ensuring that the technology and its institutional users operate in accordance with core principles. In addition to developing this agreement, Identity Commons is managing the development and implementation of the new technology needed to achieve this as a fiscal project of Planetwork, a California 501(c)3 non-profit.
The Identity Commons is based on an implementation of two new OASIS standards:
XRI – a new identity addressing scheme fully compatible with URIs
XDI – specifies link contracts for shared use of data across the Internet
For more technical information see: http://xrixdi.idcommons.net
Once implemented, the Identity Commons infrastructure will:
- Give individuals, organizations, and even ad-hoc groups persistent addresses (digital identities) that can be used in many ways. Each party can decide what their own address links to, and who can follow the links.
- Provide single sign-on, enabling individuals to connect to multiple sites without having to provide a login and password to each.
- Empower user/citizens to manage their own consolidated profiles, which will be likely to stay up to date as everyone maintains only their own master copy.
- Generate network maps that enable communities to more efficiently understand their own membership, make connections, recognize patterns, filter messages, and self-organize around new topics and functions.
- Provide collaborative filtering services based on knowledge and reputation databases where contributors can also control their own level of anonymity.
- Enable group formation around common interests and affinities with reputation attributes for trusted communication, which could be the key to eliminate spam.
How is this different from what is already happening in the private sector?
Currently every web site has a privacy policy, but they vary widely, are rarely read, are only good until they are changed and are thus effectively useless.
The Identity Commons (IC) solves this by (1) replacing thousands of privacy policies with a single institutional membership agreement that simplifies the user experience. Every Identity Commons member site is party to a legally binding commitment that can only be changed by amending the IC membership agreement – which is governed by all IC members. And (2) by using electronic contracts to grant, record, and enforce data sharing across boundaries.
Ultimately there can only be one fully interoperable social network; just as email can travel anywhere on the Internet, your profile must also be able to do so. Microsoft would love to make this possible, and fully control it – their Passport system was designed to do just that. By hosting identity data for nearly everyone who has a computer Microsoft hopes to put themselves in the middle of every transaction they can.
In response to this, a group of large companies formed the Liberty Alliance which developed protocols that will allow institutions to “federate” data across company boundaries. Federation is an improvement over the Microsoft Passport model, however, both of these approaches treat individuals solely as consumers, and neither provide support for civil society, citizen collaboration or for individual citizens to control their own identity data.
The Identity Commons agreement and technical infrastructure is a way to correct this imbalance of power, allowing the Internet to fulfill its great potential as a “commons” in which individual citizens can interact freely and as equals everywhere on Earth.
————- end Identity Commons description from Planetwork’s 2004 site ———
Writing this document was the first work that I did as an evangelist for the proposed open standards for distributed digital identity to enable open distributed social networks.
I wrote it based on reading through all their work and listening to their vision of the founders of Identity Commons and those working together for 2+ years hoped for in the adoption of the open standards they were working on. These protocols are now all ratified in OASIS (one of three standards bodies for the internet the other two being IETF and W3C) – XRI, XDI along with XRD/XRD that spun out of XRI as it became incorporated in OpenIDv2 as a key part of what makes it work.
Identity that is user owned, controlled managed – and this includes the preferences, attention data, uterances, 1/2 of transaction data – is at the heart of what one needs to make this vision of distributed social networking work. I think until recently it has been misunderstood as esoteric and just talk – amazing progress has been made since the early days of the identity gang that community has grown and developed many of the conceptual understandings and protocols that are taken as givens.
Folks from what the identity community (and perhaps should consider “updating” its name to the identity and social web community).…invented – as in used for the first time these two words together Social and Web – SOCIAL WEB – (according to wikipedia)
With the title of this paper: The Social Web: Creating An Open Social Network with XDI
This paper was preceeded by the Augmented Social Network: Building and Trust into the Next Generation Internet
Like the Web or email, the ASN would be available to anyone. It would become a common part of the Internet infrastructure – a person-centered and group-centered service of the net. It will be implemented through the widespread adoption of technical protocols; any online community infrastructure could choose to be part of the ASN by implementing them. Central to its design are fundamental principles of openness, inclusivity, and decentralization — which are necessary for a thriving democracy. At the same time, the ASN would support the highest available forms of security to protect privacy.
The Identity Gang began talking/meeting in the later part 2004 and has continued to meet in the Internet Identity Workshop.
There is much wisdom that these communities have developed that can be useful in moving / re-articulating the vision… to be sure lessons are to be learned from understanding more about why certain approaches/standards/proposed ways of doing things didn’t happen (yet).
I think the market wasn’t ready for what the identity community was saying. As someone who has been evangelizing about this set of issues practically full time since 2004. In the first few years I would talk in a range of communities and at conferences about all these issues, user control, open standards the danger of the potential emergence of large silo’s that locked users in and people just “didn’t get” it was an issue or that there was even a need for these kinds of standards. Now the market is finally ready.
The 9th Internet Identity Workshop is this November – and REGISTRATION IS OPEN!
There is a whole conversation on the DiSo list where I highlighted this context/history. There might be a beer meetup in Berkeley this evening at Triple Rock at 7:30.
Great Identity News
Yesterday the Government hosted a workshop in DC: Open Government Identity Management Solutions Privacy Workshop.
The OpenID Foundation and the Information Card Foundation are working with the U.S. General Services Administration to create open trust frameworks for their respective communities.
Drummond Reed and Don Tibeau announced their paper Open Trust Frameworks for Open Government.
Quiet and intense work has been going on since just before the last IIW on all this, so it is great to see it begin to see the light of day.
The OpenID Foundation had a wonderful new redesign that Chris Messina announced. This page really made me smile: Get an OpenID – Surprise! You may already have an OpenID.
Axel did a Wordle of it: