Sunday, January 27, 2013

Do you really want to log in to all sites with your Facebook ID?

Nowadays, it's easier to stay anonymous in your local grocery store, than online. I kid you not. I have patronised my grocer since 5 years. I estimate that I spend upwards of Rs. 24,000 per year with him. I doubt if he knows my full name. If I did not ask for home delivery, he would not know my address. He does not save my mobile number and he has no way of hounding me if I never visit him again. 


These oases of anonymity are rare to find in modern times. As a user, have you noticed that on any news site or ecommerce site, you are being urged to sign in with Facebook, Twitter, Google or some other platform where you are an existing user?



In the old days, every site would required us to sign up individually, and we did it cheerfully, because we really needed those sites. And let's face it, there were not so many sites. I recall maintaining a dog-eared notebook with a handwritten list of user IDs and passwords on different sites - Yahoo!, YouTube, ICQ, Rediff, GeoCities and a number of different forums. 



Then social networks entered. Then e-commerce sites entered. Then suddenly, every site, too many sites were demanding that we sign in. Life became too complex. We chose to use sites anonymously, and many sites started allowing us to do that, trying to at least get more visitors and page views, than put us off by forcing us to register. However, they lost out in doing this - they were unable to profile users beyond rudimentary facts like IP address/ country/ browser. Meanwhile, sites like Facebook and Twitter had amassed tons of rich data on people's interests, social networks and activities, data far richer than any site would get by simply taking your email address, date of birth etc. 

Then the concept of Open ID was born. Open ID is a simple but brilliant idea of 'sharing' your basic information with sites without compromising your privacy. New sites that you want to register for can access the basic information from a site you use and trust (like Facebook). The idea was that a user can control and decide how much information he/she shares through Open ID. 

Open ID has evolved over years. 'Social login' is used by many news sites to track the stories you read on Facebook and recommend them to your friends. Many sites have even enabled social login for commenting on blog posts/ articles, in order to reduce anonymous trolling. 

Yet I have remained uncomfortable with the idea of using a common facebook or twitter login, across the web, for a simple reason. My Facebook ID is the 'real me', and it's different in my head from Nisha the blogger, Nisha the managing partner of Bright Angles, Nisha on LinkedIn and Nisha the anonymous user of many forums. The fragmentation of identity on the web is real and Google + 'circles' capture it best - there are things you will share about yourself in different circles, and this compartmentalisation needs to be maintained. I do not want to respond as a commenter on sites using my facebook login. I would rather take the time to identify sites that really need to have my information (primarily e-commerce sites) and sign in separately. In all other places, I am ready to take the trouble to create an account, but I want to share just what information is necessary, than the 'bare all' stance of giving my Facebook ID. I am not even coming from a concern about security, but from a concern about  identity. Several tech bloggers and developers have concurred with this view, notably Marco Arment, creator of the Instapaper App.

So, I was very pleased to see recently that TechCrunch in a recent post titled Commenters, we want you back!, has discontinued Facebook comments and replaced it with LiveFyre, noting that Facebook killed a lot of valid participation from genuine commenters. 

My stance on social media and social login has always been - act on the assumption that everything you say in public domain, will stay in the public domain. However, as a user, I do want to choose which public identity I assume in which domain. I do prefer to avoid using a Facebook or Google login where I have an option.

What is your stance?