September 01, 2005

Flickr and Yahoo and Identity Management

(Note, updated below, 8:30am 9/5/05) I've been thinking about this identity issue since it came up Monday (okay, yes.. I'm really trying hard to take this week off from blogging but here I am, blogging).

Anyway, I had a thought Tuesday, and figured I would toss it out there. So, Yahoo could take it's hundreds of millions of IDs (that all authenticate in Yahoo's system through the front section of their email accounts) like joeblow468 which is really, and change those to iNames. Yahoo could become an iBroker for all of it's IDs, which are unique, turning them into:

or better yet

These IDs could then easily be interchangeable with Flickr IDs:

... I think what Yahoo is really looking for is something simple to integrate IDs between their company and those they acquire, as well as ways to make themselves more open. I don't think they intend to freak everybody out, or make them paranoid because of the necessary integration. If Yahoo used an iName system, all ID's no matter where they come from could be made into iNames, with Yahoo as iBroker, where they could then integrate additional ID's into this system. ID's from newly acquired systems could remain essentially the same.

Also, it seems like what really matters for Yahoo is not the hundreds of millions of IDs (well, yes they do for now..) but rather Yahoo wants to be thought of as forward thinking, innovative and useful. And they want to *be* heavily used. Creating user ease and control for authentication, and being new and innovative with identity management could accomplish that. Having great services like Flickr that users love makes them want to come back, not lock-in.

The point here though is that people are very sensitive about their identities. It may not be rational or in proportion to the issues at hand, but user's reaction to identity integration is one that you can expect to get from people if you build systems that don't take into account how emotionally and personally people take their identities, and digital representations of our identities.

(Update 9/6/058:11am)
Yahoo did not reset cookies last week, per Stewart's comment below. Instead, it just appears to have happened coincidently for a group of users I was with, and then someone confirmed this to me a Yahoo. But actually, it's not true. Instead my cookie (and about 10 others) were just randomly triggered to ask for a login, where we were asked to reenter our login IDs.(End of update).

I was presented with a login screen which had two entry points: one for my Flickr ID and one for my Yahoo ID, with a note underneath the Yahoo entry saying that once I used the Yahoo ID, I would need to always login with the it (this has since changed to explain the tie in of ID's with either type of login, but doesn't warn users that once a Yahoo ID is used, there is no going back). This was a bit jarring. I could not go back to my Flickr ID (the backend authentication ID, though my front end ID stays the same). I love Flickr. I use it everyday. It's my photos, my emotional representation of how I spend time, who my friends are, who I see now and then, what I care about. And they want me to integrate with my Yahoo ID, not something I feel is the least bit cool or fun or that I have emotional attachment to compared to Flickr.

I had to think twice about whether I wanted all my Flickr photos to be associated with my Yahoo ID, which represents 9 years of random email, plus some old website data (once upon a time, was hosted there for 6 months or something), and various yahoo groups, plus other random stuff. I don't think I do, because information online doesn't age very well. So I'm going to make a different Yahoo ID, when the time comes where we have to change over, so that my Flickr stuff can stay separate. But for now, I'm mourning a little bit the coming loss of my Flickr ID (for the login part of things). In a way, it actually represents both me, and my community interactions there.

(Note and lengthy update added here:) When I say the loss of my Flickr ID, what I mean is, the authentication ID that I use, which is an email address that I like. I don't mean the front end ID, which is slightly different, and what the world sees when they go to my photos. Nathan Arnold pointed out below in a comment that the front end ID isn't going away. And he's right. But from a user perspective, what I login with is a backend, or functional ID (my email address which is mary at hodder blah blah) and what appears in the front end is my Flickr ID name, or Mary Hodder, and for the user, these are functionally tied together. I put in the "mary at hodder" login email to get to the "Mary Hodder" account.

Which brings up another point. When I was making the example above, I used joeblow468 because to me it looks so much like what so many Yahoo and Hotmail and MSN and AOL emails look like: an address the user tried to get, that actually represented themselves, like joeblow, which was taken, so they wound up with some crazy kludge at the back of their ID or namespace, usually in the form of numbers.

My own Yahoo ID is not what I wanted, even from 9 years ago. It's got an extra "o" on the end of it, because at the time, the name I wanted (an old nickname from my boyfriend at the time) was gone. So since it had the extra "o" on the end, which I've never really felt good about. If it had some random number on the end, which at the time I was getting it, Yahoo offered me as a choice, I would feel even more random about my ID/email at Yahoo. It's one of the reasons I made that email sort of a dumping ground for (frankly) garbage. I couldn't get the name space I wanted, either for login (backend) , or as an email (front end and to be shared with others) that I cared about or for things that I want to keep well, like my Flickr account, which is perfect and pristine. So, by asking me to tie my perfect and accurately representative Flickr name space ID on their frontend, to my bastardized Yahoo namespace on the backend (for authentication), it feels bad. And I suspect this may also be what's behind some of the discomfort people feel when Yahoo asks us to enter a Yahoo ID to login, in order to come to a Flickr ID on the front end.

What iNames might do for Yahoo is allow them to also give many more ID names that people care about (maryhodder, for example, sans numbers) with something attached (like .flickr or .yahoo or .yahooligans or whatever they want to give after the initial namespace). That way, we could have the ID in the first section of the namespace that we care about, but have a different second name after the dot, which means that there could be lots of maryhodder's without a large number at the end). My guess is, we would start caring much more about things like our Yahoo accounts if we had a name ID that reflected what we wanted, and how we view ourselves.

No one views themselves as joeblow468... they view themselves as joeblow, and the idea that we have to put a number at the back serves to tell us that we are not unique, we don't really own our name (someone else does), and therefore I suspect that many feel like me about making it the place we don't care about or keep well. When all the good name spaces somewhere are taken, what's left is often treated as garbage. Others have told me they use these kinds of accounts as their "spam" accounts, but it would be interesting to do some research to see if many users are experiencing what I have just described. (End of update).

If Yahoo used iNames to manage identity, this wouldn't really matter. They could just take an iName into their system as a unique ID, whether it was or or =mary.hodder. Then they could show themselves to be really cool, by being open as an iBroker to allowing IDs to flow in and out of the system as well, as users choose to move their iNames about from broker to broker.

It would be an awesome thing for identity management if I could use my Yahoo ID to log into the NYTimes, or my bank, or whatever, or use my =mary.hodder to login to Yahoo or the NYT or my bank, with single signon where I control who gets what information from my iBroker and I can have a couple of IDs to quell nervousness if I feel too much is held in one place. But the fact is, having something simple that works everywhere would be really cool.

One of the people who works for me showed me a database on Monday, while we were discussing the Flickhoo flap, that she's been maintaining for the past 10 years of all of her logins all over the internet. She has 249 different logins at that many sites. Solving this problem, so that she could just use one or two or three logins everywhere, makes a lot of sense. And Yahoo could really take the lead on Identity Management by adopting a system that would create simplicity for users, and simplicity for themselves. And turn down the public relations flap a notch when they acquire companies and have to integrate users and ID's into the company.

Posted by Mary Hodder at September 1, 2005 08:22 AM | TrackBack

FYI -- Flickr is merely using the Y! ID for login purposes, it doesn't otherwise change your identity on Flickr.

So if you're "photojoe" on Flickr and "joeblow468" on Yahoo!, you'll still get to be "photojoe" -- you'll just have to login to the system with "joeblow468." But once you're in, it's all the same.

Yahoo! simply did a poor job of communicating this.

Posted by: Nathan Arnold at September 1, 2005 01:28 PM

Any chance of a correction on this Mary? Several people have picked up on it ...

Posted by: Stewart Butterfield at September 2, 2005 03:02 PM

Factual errors are not cool. Not fixing factually errors is double plus uncool.

The Yahoo/Flickr changes have nothing to do with identity- its only the login procedure, which is now done with an email address. Of course, you probably don't remember logging to flickr, since they let you stay logged in indefinitely.


Posted by: ryan king at September 3, 2005 06:26 PM

Hi Nathan, just returned from being out of town for the weekend, and so see changes above, to reflect your point. Yes.. what is changing is the login portion of my ID at Flickr, not the front end ID. However, from a user perspective, asking for an ID to authenticate, that is not in keeping with my front end ID, is problematic, and was the point I was trying to make above.

Stewart, I'm not sure what you are talking about. I did an immediate update to my aggregator, and all of my search feeds from Technorati etc show no new posts talking about this blog or linking to it. So I'm not sure what you mean about lots of people talking about whatever the problem is that you are talking about. Can you point me to their posts and also let me know what you want changed or updated?

Also, I'm sure this has been difficult for you, and I'm sorry that the whole flap thing has happened. I'm sure it was stressful and not what you intended. But I think it points to a lot of interesting problems that could be solved around identity and logins, which if corrected, might cause users to feel much better about their Yahoo ID's and use them better than some of us are now. Figuring those out would be very interesting.

Ryan, thanks for the comment. What can I say? I don't know what factual error you are talking about either, but leaving comments with misplaced certainty, and a narrow technical perspective about the bigger problem which is difficult to deny, on my blog is not a good way to behave, nor does it make me feel motivated to do whatever you are asking for (would you mind explaining the problem?) It certainly doesn't make me feel very good about conversing with you. I would love to have you here helping to figure out and articulate issues, but would you mind acting kindly and articulating problems instead of just telling me that I'm doubly uncool?

After my lovely weekend away, I came home to your comment and it kind of ruined the good mood.

Also, the Flickr/Yahoo issues have everything to do with Identity, as I explained above. I login with something that authenticates me (currently my own email, which is a digital representation of me and contains my name). That login ID takes me to my outward facing Flickr ID (also my name). Both are representations of me, digitally, though only one is public.

I feel some discomfort over the change asking for a Yahoo backend ID for authentication (the current one is a bad representation of me) to mix with the front end representation of me of something I like. I'm going to solve this by making yet another Yahoo ID, if I can think of something no one has used in 10 years ... this is in order to have the login portion of my ID at Flickr continue to be something that I like and am happy to have joined with the Flickr front end ID which I like very much.

This is what I tried to explain above.

I still have no idea what you are talking about, that is factually incorrect, but if you could explain it, and I agree that it's incorrect, I'd be happy to correct it.


Posted by: mary hodder at September 5, 2005 08:29 AM

You've found one of the places it showed up: -- here's another:

What I was talking about: we didn't "reset" anyone's cookies. Per the thread on Barb's blog, I don't know who you were talking to at Yahoo who said that we did (but would like to know :) -- I guess you could have all been at a location that gets to the net through a cookie-blocking proxy? Not sure.

As for the larger point, I don't see how anyone could read what you wrote here and come away with any other impression but that you had to change your screen name on Flickr. I've read your longer explanation in the comments so I understand what you are trying to say now, and now I've noticed that you added a parenthetical note: "the backend authentication ID, though my front end ID stays the same". So, that's better, I guess, though I doubt that any but the most observant reader would get what you mean (it sure *seems* like conflating credentials and screen name, especially since you use an email address to sign in to Flickr).

The underlying point is well taken, even if I would have preferred a presentation that was a clearer, given the circumstances :)

Posted by: Stewart Butterfield at September 6, 2005 07:45 AM

Hi Stewart,
Thanks for letting me know.

I was totally mystified yesterday, trying to figure this out. I actually had several people read it, throughout the day, that I was randomly on IM with, including Doc Searls, Kaliya Hamlin (both Identity Gang folks), Dave Sifry, Lisa Rein, Ana Vasconcelos, and we were all totally in the dark.

No one could tell me what was wrong. And I sent them to the Social Software weblog to read post and comments as well and we could not figure it out.

Thanks so much for telling me. I've made another update in the post, noting the change and the corrected information, and will leave comments at the Social Software weblog as well.

Really sorry for the confusion, and for stating something that wasn't true. I really thought that since the Yahoo person had confirmed it, it was correct. However, rather than get them in trouble, I will just let them know. I think it's best, yes?

Also, sorry that my post was not so clear last Thursday. Clearly I needed the three days off to rest and recoop. But part of the issue for me too is that in blogging this, writing about it, I learned a lot about identity, defined the differences with uses of identity, but also the coupled singularity for users between their login ID and their front end ID, and talked with a lot of people over the weekend at my camp (Save the Man, where we protest the burning of the man, and dang it, we failed again..). So really, getting clear on this has been very fruitful, and sharing that out, discussing it, in person and on the blog is for me, is what blogging is about. It's iterative. It's a discussion, and I think we blog because we have questions, often, not just because we have answers.

Anyway, again, sorry for getting that information about the cookie reset wrong, and I'll let other's know, including the people I was with last Monday.


Posted by: mary hodder at September 6, 2005 08:25 AM

I would suggest you to recommend Openid instead of iname.
Openid ( ) "is a decentralized identity system, but one that's actually decentralized and doesn't entirely crumble if one company turns evil or goes out of business."
OpenId is a more decentralized, open way of having an identity.
Paying Iname for letting other people call you mary is something that goes against decentralization, end-to-end, peer-to-peer communication, the Web spirit, openness.
"As a critical part of its mission Identity Commons is offering a time-limited opportunity for individuals to register a global i-name (opens new window) for 50 years for only $25 USD."
Wow, I should ask Identity Commons "can i be called by other people"?
I think OpenId makes much much more sense. What do you think?

Posted by: paolo at September 18, 2005 03:01 PM