![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
In a discussion on the Portable Contacts mailing list today, one of the more knowledgeable members pointed out (essentially) this url, which feeds a Twitter entry into Google and asks for other identities of that person.
It's pretty clear from the result that Google is trawling the social graph world, and pulling in all the links. There's no rocket science here, but it was a bit startling to see that it went from my Twitter account to my personal homepage (which isn't linked from Twitter). It clearly went from my Twitter profile to LiveJournal, and then from my LiveJournal profile to the web page. Which isn't much in and of itself, but the example he actually gave shows how many different profiles can be sucked in this way.
This is mostly a good and useful thing, but needs to be treated with care, because none of this stuff is validated. That is, almost all of these data sources allow identity A to claim to be the same person as identity B, without B agreeing to it, so you can't actually trust this data too far. It looks like Google is managing this correctly, as a directed graph of claims (that is, it can implicitly be read as "A claims to be B which claims to be C which claims to be D"), but it *looks* like a simple bundle of identities for the same person.
So I'm waiting for someone to misread this stuff and write an app that simply assumes that A, B, C and D *are* the same person. Which will be subject to some really interesting identity-fraud hacks, because it's quite easy for, say, me to *claim* to be Bill Gates in this mechanism. (Or, more sinisterly, for someone to set up an account that links a target to some anonymous Flickr account that is posting child pornography.)
Pay close attention as this stuff evolves, because online identity is a really tricky problem. And while I believe Google understands what it is doing here, I don't necessarily have as much faith in everyone who will be using these APIs...
It's pretty clear from the result that Google is trawling the social graph world, and pulling in all the links. There's no rocket science here, but it was a bit startling to see that it went from my Twitter account to my personal homepage (which isn't linked from Twitter). It clearly went from my Twitter profile to LiveJournal, and then from my LiveJournal profile to the web page. Which isn't much in and of itself, but the example he actually gave shows how many different profiles can be sucked in this way.
This is mostly a good and useful thing, but needs to be treated with care, because none of this stuff is validated. That is, almost all of these data sources allow identity A to claim to be the same person as identity B, without B agreeing to it, so you can't actually trust this data too far. It looks like Google is managing this correctly, as a directed graph of claims (that is, it can implicitly be read as "A claims to be B which claims to be C which claims to be D"), but it *looks* like a simple bundle of identities for the same person.
So I'm waiting for someone to misread this stuff and write an app that simply assumes that A, B, C and D *are* the same person. Which will be subject to some really interesting identity-fraud hacks, because it's quite easy for, say, me to *claim* to be Bill Gates in this mechanism. (Or, more sinisterly, for someone to set up an account that links a target to some anonymous Flickr account that is posting child pornography.)
Pay close attention as this stuff evolves, because online identity is a really tricky problem. And while I believe Google understands what it is doing here, I don't necessarily have as much faith in everyone who will be using these APIs...
![[livejournal.com profile]](https://www.dreamwidth.org/img/external/lj-userinfo.gif){kind=small}
msmemory