I enjoyed Identity Woman's post Am I to “old” to get Facebook? - or do they not get it?

She raises questions that many people I know feel uncomfortable about. Are we older and wiser or just plain older when it comes to thinking about Identity Privacy online!?

One reason we invented Glynx was as a big experiment – do (enough) people care enough about privacy to want to maintain separate Personas and keep the audiences of these separate? Is this a business? Of course the only way to truely test this is to build a tool (and a business) that enables users to manage claims locally and  publish, find, associate and share claims as peers. Providing Identity claim information to third party servers (social networking sites, login credentials sites such as an OpenID server or contact details sites) necessarily means you give up observation and control of personal Identity information to at least one other party.

So far interestingly I would say the answer to the question has been mixed (to the extent that there is anyone interested enough to seriously discuss this topic with us - this probably warrants another post). Most people who have engaged us have done so with puzzlement – “why would you want to be private”? My answer is mixed – there is plenty of utility in being public but in the end I have four big concerns that mean I could never go totally public (i.e. delegate all my Identity authority to a third party).

• It concentrates power over my online life in a/the server business which makes me vulnerable to abuse.
• It is fine for me to make a mistake but if all my Identity information is held by a third party with essentially unregulated Ts & Cs, I have to trust them (and all their agents), forever, which seems like a ton of trust. And there are plenty of examples where this trust has been misplaced.
• In the real world my Identity is exchanged peer-to-peer – I go to a bar and give my driver’s license to the doorman to check. I don’t give my driver’s license to the Bank (say) and tell the doorman to call the bank to let me in (infact I would feel very uncomfortable if this was the case). Why should the online world be any different – who’s business is my business anyway?
• I may be fine about being represented by a server business but why should I provide information about my relationships? Many people represented by my relationships have not given me authority to use their information in such a way. Privacy laws prohibit businesses giving out their membership lists. Why do server businesses expect a lower standard of their members? This erodes the trust others place in me.

Ultimately we must take responsibility for our own relationships and our own claims. Only in this way can we have integrity in the relationships we have and only then can we give real meaning to “trust”.