Hello,

We noticed you're browsing in private or incognito mode.

To continue reading this article, please exit incognito mode or log in.

Not an Insider? Subscribe now for unlimited access to online articles.

Intelligent Machines

Who Controls Identity on the Web?

Facebook and Mozilla have contrasting visions for the future of your online identity.

The race to own your virtual identity is on. In announcements made just days apart at the end of April, Facebook and the Mozilla Foundation launched parallel efforts to extend the way users are identified and connected on the Web.

Identity parade: A concept browser designed by Mozilla would let users control a single identity for logging in to different websites.

The two approaches are fundamentally different. Facebook’s Open Graph Protocol uses the oAuth standard, which lets a website identify a user via a third-party site without exchanging sensitive information. Facebook–whose 400 million active users make it the world’s largest social network in the world–stands to benefit as other sites come to rely on the information it holds about users and their social connections.

The approach taken by the Mozilla Foundation, which makes the Firefox browser, comes in the form of a suite of browser extensions. One of the extensions, called Account Manager, can replace all of a user’s online passwords with secure, computer-generated strings that are encrypted and protected with a single master password. Mozilla’s identity extensions can interact with other identity standards, including OpenGraph, oAuth, and OpenID, a standard that allows any website or Web service provider to host a social network-style profile of a user. The goal of the Mozilla Foundation’s efforts is to establish a set of open standards and protocols that could be implemented in any browser or website.

As much as possible, identity would be moved out of the webpage itself and into the “chrome” of the browser–the parts around of the webpage. Logging in and out of sites would be accomplished through buttons at the top of the browser that would activate secure protocols–rendering the process of creating and memorizing usernames and passwords obsolete.

“Every user of the Internet today is expected to describe themselves to every site they go to,” says Mike Hanson, principal engineer at Mozilla Labs. Inevitably, Hanson says, this leads to confusion and security holes, such as passwords that are identical across multiple sites.

The solution, according to Hanson, is to let the browser itself manage user identity. Weave Sync, another Mozilla extension, is designed to enable that vision. It stores encrypted versions of a growing list of data on a Mozilla-hosted server (or any user-specified server), including a person’s history, preferences, bookmarks, and even open tabs, which can be synced across two or more browsers. This allows users to have the same browser workspace on any device that supports Firefox or its mobile equivalent, Fennec. There’s even a prototype for the iPhone, built on top of Apple’s Safari browser.

Last fall Mozilla Labs also commissioned Chris Messina, at the time a researcher in residence at Mozilla Labs, to design a Web browser that would manage the other half of online identity–a user’s social graph. In Messina’s mock-ups, a user can interact with people on the Web in ways that go beyond what OpenID or Facebook’s OpenGraph currently offer. “The idea of a social browser is important to me because it’s the single point of integration for all websites,” says Messina. “It’s the one thing that knows who you are across all social experiences.”

Messina’s designs envision a browser that lets users “follow” other users by viewing all of their relevant information streams–Facebook, Twitter, Flickr, etc.–collected into a single browser tab stamped with that user’s profile picture. A similar interface could also be used to control exactly what personal information other people and websites have access to. This could allow, for instance, a user to change her shipping address across any number of sites at once, or to control which version of their identity a particular groups of friends can access. “I’m not interested in the [Mark] Zuckerberg approach, where privacy doesn’t exist anymore,” says Messina, referring to the CEO of Facebook.

Both Facebook and the Mozilla Foundation will face challenges in pushing their own vision of online identity. John Mitchell, a professor of computer science at Stanford, says the most significant barrier will be the adoption of suitable protocols. Before such protocols can be standardized and rolled into, for instance, the next version of HTML, Web developers are going to have to be willing to experiment.

“What I’ve seen from a lot of companies is an attempt to guess the end solution and build that only,” says Mitchell. “It would be better if, instead, we had an open architecture where people could try many different approaches.”

If the new Mozilla software and Messina’s designs are sufficiently popular with users and developers (not to mention the influencers who sit on the boards of standards committees like the World Wide Web Consortium), then the foundation’s technology could find its way into the regular release of Firefox and perhaps, ultimately, into other browsers.

To Messina, just drawing up the blueprints for such technology was an important first step. “We’re further away from the death of the password than I’d like to be, but it’s a nice goal to aim for,” he says.

Want to go ad free? No ad blockers needed.

Become an Insider
Already an Insider? Log in.

Uh oh–you've read all of your free articles for this month.

Insider Premium
$179.95/yr US PRICE

More from Intelligent Machines

Artificial intelligence and robots are transforming how we work and live.

Want more award-winning journalism? Subscribe and become an Insider.
  • Insider Plus {! insider.prices.plus !}* Best Value

    {! insider.display.menuOptionsLabel !}

    Everything included in Insider Basic, plus the digital magazine, extensive archive, ad-free web experience, and discounts to partner offerings and MIT Technology Review events.

    See details+

    What's Included

    Unlimited 24/7 access to MIT Technology Review’s website

    The Download: our daily newsletter of what's important in technology and innovation

    Bimonthly print magazine (6 issues per year)

    Bimonthly digital/PDF edition

    Access to the magazine PDF archive—thousands of articles going back to 1899 at your fingertips

    Special interest publications

    Discount to MIT Technology Review events

    Special discounts to select partner offerings

    Ad-free web experience

  • Insider Basic {! insider.prices.basic !}*

    {! insider.display.menuOptionsLabel !}

    Six issues of our award winning print magazine, unlimited online access plus The Download with the top tech stories delivered daily to your inbox.

    See details+

    What's Included

    Unlimited 24/7 access to MIT Technology Review’s website

    The Download: our daily newsletter of what's important in technology and innovation

    Bimonthly print magazine (6 issues per year)

  • Insider Online Only {! insider.prices.online !}*

    {! insider.display.menuOptionsLabel !}

    Unlimited online access including articles and video, plus The Download with the top tech stories delivered daily to your inbox.

    See details+

    What's Included

    Unlimited 24/7 access to MIT Technology Review’s website

    The Download: our daily newsletter of what's important in technology and innovation

/
You've read all of your free articles this month. This is your last free article this month. You've read of free articles this month. or  for unlimited online access.