Identity crisis on the web

I went to IndieWebCamp drinks the other night and chatted to those guys about my ideas for KeyKitten.

We ended up chatting about what your main identity should be on the web. The two candidates are your email address (user@domain.com) or a URL, which for us techie people is probably simply a domain. On a website, you can put an hCard which can list all of your secondary identity information anyway, like email address and twitter handle.

The big advantages of email are that

  • Everyone already has one, even my mother
  • Everyone remembers their email addresses already
  • My mum will probably never register her own domain

Email is the primary identity of Persona and Gravatar. If someone logs in to your service using persona, you get their email address, not their URL.

URLs on the other hand are more powerful. I can put actual content on my website, including whatever contact information I want and an avatar image. We can do that with email addresses too, but its sort of hacked in. Gravatar (well, libravatar) works by rewriting foo@example.com to example.com/avatar/<hash of foo@example.com>. Which is a big awful nasty looking hack. Using hCard, you can just have a link to your avatar image from your homepage. Of course, if I own josephg.com, its pretty easy to put an image at josephg.com/avatar/<hash> anyway. Its just kind of haphazard.

The other benefit of URLs that @tantek kept talking about is that people shouldn't be siloed, and an identity like josephg@gmail.com is stuck in gmail's stack. As far as identities go, its not really a first class citizen. Maybe we shouldn't be building new infrastructure with the assumption of siloed anything. Maybe we should make people without a website feel the pinch.

I'm kinda convinced by the solos argument, but I still want to be able to send encrypted email to my mum. Not because we have anything to hide but more because fuck the surveillance state thats why. Its also much easier to programatically find someone's gravatar than parse an hCard entry.

URLs are a fun idea, but I think email based systems will win in the end amongst regular folk. And thats the hardest question of all: Ultimately, who are we making our software for? If we're making it for tinkerers and hackers, a URL will be fine. If we're making it for my mum, an email address is really the only way to go. There's something really appealing about designing and writing software for a smaller internet with just people who create on it. But its also insular and snobbish, and many of my friends won't make the effort to join me there.