Michael Gracie

The blogosphere is abuzz this morning about the great news for OpenID - Yahoo! is now supporting the single user sign-on process. Kinda.

While you can read the grand headlines at CNet, Mashable, or TechCrunch, cutting to the chase is what’s happening here.

This is a pyrrhic victory for OpenID. Yahoo! is now allowing you to use your Yahoo! ID as an OpenID, but they aren’t ACCEPTING OpenID to log in to their site. Acceptance as a relaying party is where the bottleneck is - something Yahoo! themselves mistakenly aluded to on their own OpenID page:

OpenID is an open technology standard that solves all of these problems. The OpenID technology will allow you to use your Yahoo! account to sign in to hundreds of web sites! And this list is growing every day…

Nice. There were at least 120,000,000 million OpenIDs in existence, including those served up by AOL, MyOpenID, ClaimID etc., and now there are something like 370,000,000 with the inclusion of Yahoo! IDs. And there are hundreds of websites you can use it on? I’d hardly call this “finally reaching critical mass.”

Technical reasoning

I’ve heard a number of reasons why OpenID has had such a difficult time, but the biggest has surely been technical. It’s justified (coming from experience), and then not.

Getting your website to accept OpenID can be a bit of a chore. If you’re a blogger, your primarily reliant on the work of smart developers in the open source community. They produce the plug-in for, say Wordpress, and you download and install. If you are running a platform that isn’t getting much attention, you have to pull source from the libraries and try implementing it yourself - the same goes for any website you are running not using some “preferred platform.” And there are always associated problems to deal with - even though I prodded one outstanding developer to update a plug-in so I could accept OpenID comments on this blog, I’ve got database problems which I’m too busy (aka lazy) to fix so I can.

Conversely, putting up a simple OpenID provider is not too difficult a task. You can install a copy of Wordpress MU and add the OpenID plugin. You can grab a copy of Drupal which has most of the components built into the core. Or you can just pick up some free standalone server code and spend a few more hours tweaking it yourself. You don’t yet have a critical mass of users, but you do have a functioning system.

Boiling down misaligned incentives

It seems there is little or no incentive to accept OpenID, or I’m going to have to weigh some risks - and it is difficult to execute. Meanwhile, there are plenty of reasons to hand out IDs, and I can have a server up within hours.

Bottom line

Why aren’t the megaliths tripping over themselves to integrate relaying agents? The answer is simple - data. Offering OpenID on a provider-only basis could be a boon for sites - they have all the information associated with your use of their service, and can grab tidbits on your use of other websites. It presents the perfect opportunity for someone like Yahoo! to gather “social graph” information on its users without the cost associated with building (or buying) another Facebook. If you were allowed to use your third-party (or self-managed) OpenID on their site, you’d have no incentive to maintain your Yahoo! ID and Yahoo! would potentially lose two sources of information.

What’s needed

Acceptance is still the big issue. If millions of sites allowed OpenID, the authentication process could solve a lot of problems - it isn’t happening because there are few if any incentives to accept it. There has to be a tangible benefit for those allowing OpenIDs in (and please don’t say “but you’ll get more comments” - that’s like saying you’ll get more spam). I’m now beginning to believe that OpenID is also going to need choice, in the form of millions of OpenID providers. A dozen or so significant providers controlling hundreds of millions of accounts isn’t going to cut it. Unless of course it’s renamed OligarchyID.

UPDATE: Marshall Kirkpatrick says don’t throw a party just yet. Pay attention to the points about extension of provider brands versus extension of the OpenID brand.

UPDATE 2: Information Week yawns, and a press release confirms what Marshall Kirkpatrick inferred: this is about Yahoo! ID, not OpenID.

UPDATE 3: Yahoo! could have done much better here for sure. Maybe they should break themselves up before they bring their partners down with them?

Last week: a colleague asked me if I had been following the whole Facebook API bit. I said no, although I did admit I had a Facebook profile (inactive, and experimental) and he noted he didn’t (an age thing).

The next suggestion was that Facebook, with all the attention it is getting (including that of developers), would make Yahoo! “irrelevant.”

I’m not sure I’d stay logged into Facebook all day long to get my information, but a lot of people might. Is the come-from-behind social app a portal-killing platform or just the latest craze in a hyperactive online world?

UPDATE: Who cares - folks are already handicapping Yahoo! suitors.

UPDATE 2: A “neighbor” puts out a prescient analysis portending Facebook’s future. My inquiry is…it seems closed. Not index-able. How is someone to develop a persona on Facebook? And how does someone who spends a third of their time coding, a third of their time providing financial advice, and a third of their time fly fishing actually find these new “widgets?”

Facebook “opened” themselves up. But, in the grand scheme of the internet, did they?

It’s being called the “joint consumer internet security service”, but it sounds a lot like a distribution agreement to me. No matter.

Yahoo and Symantec will be co-branding Norton Internet Security tools, and offering them to Yahoo! subscribers at a pretty steep discount. The package will be wrapped around Yahoo! stuff like Mail, Toolbar, and Search.

Norton already updates subscriptions for a price, so I look at the provided discounts as a good thing. Cheaper protection for people less inclined to buy it on their own. The offering should also have a big impact on bug distribution, as Yahoo! has a ton of customers that may take them up on the offer. The more protected machines the better.

Fingers are pointing at Yahoo!, who is being accused of cavorting with spyware-like apps that automatically click on site ads. Accomplices are purported to include Nbcsearch and Look2me/Ad-w-a-r-e, as well as our old friends 180Solutions.

I’d like to hear Yahoo!’s side of this story, as I know there are plenty of other big companies out there to whom spyware paths lead, and I am sure some of them are Yahoo! advertisers too.

AOL (and Yahoo) are about to implement Goodmail sender payment systems into their email, and it has already been noted that individuals have little to fear - the process is for bulk mailers. Invariably, there will be a few delivery problems, but the onus will be on Goodmail and their clients to figure this out. Or, users will simply go to another provider.

Unfortunately, the news will probably cause more problems than the system, as people will misinterpret it as a hit on them. Why do I think this? Because the news is traveling fast - I get this, this, this, this, this, and this in my “inbox” on SuperBowl Sunday.
Read more »

I do check site stats - I am usually looking for what other people are looking for - keywords that got them here. I don’t try putting two and two together, to figure out who looked for what, and I don’t adjust postings based on keywords (unless I get a request to remove a name or something like that). It is more about curiousity than anything else. Seems that the federal government is curious about what people are searching for too, as they are after Google’s personalized search results.

I was tired of hacking the Safari search bar to use my preferred engine in place of Apple’s hardcoded Google “suggestion” (something that has to been done everytime the browser gets cued for a regular patch), and was using Google again over the last month. I just cleaned up those personalized results from Google, after getting tired of it making suggestions for me as well.

By the way, Google has NOT turned over any results to the government - how long they can hold off subpoenas is anyone’s guess. The Feds say they need the data for research into how often pornography shows up in online searches, but with all the chatter about spying and so forth, I just have to wonder…

Why isn’t the government just running their own queries?
Read more »