2011-07-27

Single sign-on across the web? No thanks.

Since the mid-1990s, large corporations (primarily) have been pushing single-sign-on-everywhere as the solution to all the ills of the world. "No need to remember multiple passwords, just use our authentication system!" Microsoft did it with Passport / Live ID, AOL did it, Facebook is trying to do it, Twitter and LinkedIn let you do it, and Google does it across all their services.

That's a bad idea for a number of reasons. Some of us have different credentials on different services on purpose. When I use services for my current employer, I like to use my work email address; it keeps my accounts clean when I change jobs. When I blog here, I use a non-workplace-specific work email address. When I log on to less serious sites, like YouTube, I use different credentials still. Single sign-on makes this more difficult--the easiest way around it is to dedicate a separate browser for each purpose, and that's not really a good solution. There is some overlap between work-work, work-general, and non-work--I like to have all my bookmarks in one place, for example, and so I have to set up bookmark sync between all my browsers. Sure, it's a good idea to do that anyway so I can have the same bookmarks on all my computers, but it's an extra step I'm forced to take because of single credentials.

I know Google now supports multiple sign-on, but you can't be logged into one service and be entirely logged out of another without logging out of all of them. In many cases I just don't want to be signed on into their services at all--I value my privacy, and I don't want everything I do on all Google sites to be linked to my identity by default. That should be my choice.

The purported convenience of single sign-on is primarily a way for large corporations to gather enormous amounts of very specific tracking information about users, and to collect sign-ups so as to drum up their numbers for shareholders. Microsoft's Passport had over 200 million users as of 2002--but creating a Passport account was an apparently required step for using Windows, so the actual number of active Passport users is likely a lot smaller than that.

I've worked in internet advertising and tracking for a long time and I know what it can do. I don't have a moral problem with it--tracking makes advertising more efficient and allows sites to tailor their experience to each one of their users. But it's getting harder and harder to avoid, and that's what bothers me.

No comments:

Post a Comment