Thursday, April 13, 2006

Do you really need an account?

As part of his "The Story of Digital Identity" podcast series, Aldo Castanada interviewed Ben Adida, a Phd candidate in crypto at MIT.

Ben made one comment in the interview that caught my attention.
.... everything you do is tied to some kind of identity, at least a pseudonym, because otherwise it's not that useful. I mean, if you go back to Amazon, and Amazon doesn't keep track of anything you do, then it's not a very useful web site ...

Ben seems to be suggesting that Amazon (and other such sites) must necessarily have some sort of persistent pseudonym for users in order to provide them any sort of useful and customized experience.

This ignores the very real potential for anonymous interactions with service providers, where a user's attributes can be asserted by some identity provider as needed, but no persistent account need be maintained at that service provider. Everytime they reappear at the service provider, they see the user fresh (excepting any cookies they might have set on the browser).

Bottom line, service providers will need to know something about you in order to provide differentiated service. Such information could include shipping address, calendar info, reputation etc. Today's reality is that service providers force users to create a credentialed account in order to allow them to track and cumulatively collect such information across multiple visits. But it needn't be this way if the information was supplied as necessary by some other identity provider.


Ben Adida said...

That's a fair comment. In theory, you don't need the account to live with Amazon. But then how do you provide the service "people who like this book also bought this other book?"

There are conceivable cryptographic ways for collaborative filtering, but I doubt they will be implemented at any point in the near future since they remain extremely inefficient. So, if Amazon knows all the books you bought, then it probably has an effective identifier for you. Then the alternative is to have a third party hold this information about who's buying what, in which case this third party knows who you are....

In the end, I don't see a reason why Amazon would give up this service when it's one of the primary reasons why they have repeat customers. Pseudonym-linking seems inevitable, in practice, for personalized services.

Paul Madsen said...

true, it feels like there are two (at least?) classes of identity data - and the Amazon's are unlikely to give up control of the class comprised of previous transactions.