follow me on Twitter
I seem to keep having the "i'm getting overloaded with [take your pick: email, RSS, social networks, logins, etc etc]" conversation over & over with knowledgeable people in and around the valley... however, i get the distinct impression that people around here don't have the same kind of problems the rest of the mainstream world does. Altho i'm a geek and i live in northern california and i work with startups all day long, i also have family back in West Virginia that lead very non-techie lives. I also used to work at PayPal / eBay, where much of the userbase is people who are very middle america. those folks appear to have similar problems to us geeks... but if you listen closely, they don't really use the same words to describe them. and because of that, the solutions tend to look and sound a lot different as well.
In particular, i've seen a bunch of blog posts recently about social networks and OpenID and related topics, and i think people are missing the point. while i and many other geeks who represent perhaps 1% of society suffer from "social network fatigue" and the desire for single sign-on, i don't think these are the same problems the rest of humanity is dealing with... or at least, they don't manifest in quite the same ways or drive to the same type of solutions.
[updates: WordPress and 37Signals now also supporting OpenID]
People in tech / silicon valley say things like:
* crap, i wish i didn't get so many invites to social networks
* crap, i wish i could bring my social network on site A over to site B
* crap, i wish i could import (some, but not all of) my email addresses into service X
* crap, i wish there was a simple, single signon service i could use everywhere
* boy, i'm really looking forward to when OpenId will catch on & solve all of the above
However, people in the rest of the world say things like:
* crap, i forgot my password
* crap, i forgot my password
* crap, i forgot my password
* crap, why won't this site let me use my normal [5-letter, insecure, kid's first name] password
* crap, i forgot that other password i occasionally use
forgive me if i remain a bit disillusioned that OpenID is a panacea to all of the problems noted above, or if i'm skeptical the average user suffers from "social networking fatigue". i think we're trying to solve the problems for the current 1% of the world who we THINK represent the future of the rest of the 99%. however, i don't think our problems are their problems... or at least they don't talk about them in the same way. altho it's possible the solutions have similar foundations, the implementations i've seen lately aren't anywhere near as simple as they have to be for mainstream america to find them useful for THEIR problems.
do i have a solution? nope, not yet. i use Roboform on the PC, and 1Passwd on the Mac, and they still don't quite solve all of my problems... they just help me remember ~500 combinations of usernames & passwords on all the sites i visit. they're probably not simple enough for the average user. however, they don't depend on the rest of the websites out there adopting any new standards, and they do work pretty well for me. but i'm not kidding myself these are a good enough solution for the other 99%. they're just a decent hack for me & other geeks.
will OpenID work someday? maybe. i think if the major platform sites out there (YHOO, MSFT, GOOG, others) decide to fully support the standard (possible, but unlikely) then maybe it's got some legs. that would be nice, but i won't hold my breath. failing that, it will still be a good solution that's probably too complex and too subject to phishing for the average mainstream user to adopt... at least in its current form. i could be wrong about that, however after working at PayPal for many years and seeing a relatively simple "single sign-on" solution work ok but not perfect for many users, i'd have to say it will probably take a long time to get there.
will one of the major platforms adopt some form of single signon developed outside their system? doubtful, altho Yahoo seems to be trying out openid. [UPDATE: AOL also seems to be trying out OpenID support... waiting to see how that goes]. more likely, they all hope their own existing acct services get adopted as standards. microsoft's hailstorm got rained out years ago before it even got off the ground, altho the new Windows Live Id (nee Passport) might see more use with Vista. google's account service (same guy, different decade) is starting to be required as a foundation service for all core Google features. same for Yahoo, altho they appear to have a little bit less of an world domination agenda and are at least dabbling other alternatives. Amazon, eBay, MySpace, AOL, and others are also large silos of users / passwords, but probably none of them big enough on their own to monopolize account management... but neither are they motivated or likely to join some open standard when they have tens or hundreds of millions of users already on their own systems. most likely, i think Yahoo, Google, and Microsoft (maybe Amazon a few others) will do their best to enable their own platforms and acct login services as standards that other smaller startups adopt. i think that's a lot more likely than OpenId catching on... dunno if it's better or not. probably i'd be ok with remembering 4 passwords tho.
and so, we have the problem we're in today. 3-7 big gorillas with absolutely no motivation to move to an open standard. thousands of other popular websites that will continue to implement their own account systems, with limited portability to other systems. millions of users who a) can't remember their password, b) keep using insecure versions of the same password that's easily hackable, and c) aren't going to change their behavior OR adopt a new single sign-on standard that's even modestly complex.
inevitably, you're just going to have to open another useless account. keep practicing.
More Startups. More Jobs.
I don't understand his point...
Posted by: Marko | Saturday, October 11, 2008 at 03:20 PM
Hey Dave,
Thanks for the comments on my post on Startupism. Just so you know, I have no problem with swearing, and no problem at all with the point you were trying to make. I completely agree that geeks often do not look at problems the same way everyone else does, and that often means the solutions don't work/don't make sense/are too difficult to use/grasp.
(Side note: MORE HECKLING! I'd heckle but as a non-panelist and non-pseudo-internet-celebrity I would just get kicked out.)
I think a major reason that 'middle America' isn't going to care about social network data portability is that different web sites and social networks are positioned differently in our minds - Myspace has the info about us that we have given it, which is a different set of information than what Facebook has. Most people, as far as I know, aren't going to be dedicating a lot of time to more than a few social networks, and will use sites with social networking features (event invites, photo sharing, things like that) only as much as they need to.
So why wouldn't I want portability for that information? Not because I don't believe in open standards or anything like that, but because I do not want all of these different web sites to have all the information about me that they want. They need to earn my trust, right?
I still have a sour taste in my mouth thanks to certain sites/networks' constant scraping of address books and other data to spam me because of other peoples' stupidity. By default I do not trust new social networks.
-Aaron
Posted by: Aaron | Tuesday, October 30, 2007 at 11:47 AM
I definitely agree with you that service provider adoption and user education are the two biggest hurdles for OpenID.
I only hope that it winds up like Internet email where the geeks use it and eventually it trickles down to normal people and the network effect forces silos to open up; and not like Jabber which is a great idea on paper but hasn't gotten traction with major service providers (outside of Google) and "Middle America."
Posted by: George Hotelling | Tuesday, February 20, 2007 at 10:27 AM
George -
the issue isn't whether OpenID is useful or not... of course i'd agree it is.
what i was trying to say is that the messaging & implementation around OpenID doesn't appear to be very easy for the average Internet user to digest (imho), and isn't setup well for success.
also, solving the problems as you suggest STILL depends on the mass market adopting OpenID -- and that means more than Microsoft & AOL just announcing support for it / experimenting with it.
having supported technical education & evagnelism at PayPal between 2001 and 2004 for both merchants & users, i can attest to the challenges of a) getting broad implementation, and b) getting mass adoption & user understanding.
in many ways, the use of PayPal as a centralized payment solution that enables use of multiple payment options while protecting user info mirrors the single sign-on implementation of OpenId. however, getting people to use & understand PayPal was a big and ongoing challenge. the same issues face the implementers of OpenID.
so while i agree it COULD solve the problems you mention, OpenID has to be implemented, positioned, and communicated well to the user base in order for that to happen.
and that's where i remain perhaps a bit skeptical.
i'd say there will still be a lot of people who depend on siloed identity systems provided by the big platform players, and that for many end users this will be a simpler solution -- since many of them will have already chosen to use / setup Google or Yahoo or other accounts, they will probably work as well or better for many users.
similarly, independent services & startups may see less "friction" with user education by simply offering to authenticate with Yahoo or Google (or Microsoft or other) identity services over OpenID.
in summary: i'm not against OpenID per se, and the benefits are perhaps there down the road, but they have an uphill challenge.
my .02,
Posted by: Dave | Tuesday, February 20, 2007 at 08:56 AM
First off, Yahoo! isn't (publicly?) trying out OpenID. idproxy.net is a 3rd party mashup that translates OpenID requests into Yahoo!'s BBAuth API. All it does is provides a way for people to use their Yahoo! account to authenticate against an OpenID URL.
Also, add Microsoft to the list of giant companies supporting OpenID.
As for the practical value, IF (and it's a pretty big if) OpenID gets widely adopted, it will fix a lot of the problems you identified with regular users:
"crap, i forgot my password"
Now they only need to reset their password once and they can still use their OpenID URL to log in, instead of having to reset their password on every single service they use.
"crap, why won't this site let me use my normal [5-letter, insecure, kid's first name] password" and "crap, i forgot that other password i occasionally use"
Now they can either pick a strong password and not have to remember any other ones, or they can go with an OpenID provider that allows weak passwords and not have to remember any other ones. Either way, those problems are solved.
In fact, OpenID appears to fix more of your "Middle America" problems than your "Silicon Valley" problems. AFAIK OpenID doesn't currently have any way to synchronize social networks, so 1,2,3 and 5 are not fixed by OpenID.
If Damon is right above about "forgot password" eating up the most customer service time, OpenID will be a huge money saver since web sites can offload that customer service to the OpenID provider. Of course at this point adopting OpenID would cause more customer support requests than it would prevent, but IF (big if again) OpenID hits the tipping point it will be a cost savings for companies.
Posted by: George Hotelling | Tuesday, February 20, 2007 at 08:13 AM
Believe it or not, "forgot password" is probably one of the single largest drivers of contacts into a customer service channel (even if you have a forgot password option available on the login screen!).
I think that you have an excellent post on defining needs for a larger audience (the common internet user) & that things that are too complex won't be adopted by your general user.
I really hope you don't have 500 passwords:)
Posted by: Damon Billian | Monday, February 12, 2007 at 09:52 AM
Dave,
Perhaps you've already read this, but danah boyd has excellent thoughts on this topic (in particular, the behavior of the average social network user):
http://www.zephoria.org/thoughts/archives/2007/01/01/ephemeral_profi.html
Posted by: Andrew Parker | Monday, February 12, 2007 at 09:13 AM