I hadn't heard of either Promise or IndieAuth before reading this thread, so apologies if this is a dumb question. But one of the benefits of Promise is that it's pseudonymous:
> You will get a unique identity pr. service you use. This ensures that relying parties have no way to profile you across services.
For me, this is actually the biggest reason that I stopped using social sign-ins. It's not that Google might disable my account one day; it's more that I don't want Google or Facebook tracking me.
How does a decentralized system handle this? If my identity is my domain, doesn't that mean that all these websites now have a unique id which they can use to join together all their separate pieces of data about me?
You're right, all the websites could band together to coordinate and share that the same person logged into each site. They do this today with email addresses and phone numbers explicitly (and implicitly with "advertising IDs" and the like). The Facebook "like" button and Google analytics are both tools to make it easier to track you around the web. Getting away from being able to track you around the web is going to take a lot more than just an anonymous ID as your login credential.
That said, the unique identity is still valuable--Apple offers this with their third party sign in[1]. Practically, if everyone was using self-hosted identity, then the tools would probably make it easy for you to create and track your own new identities for each service you use. This isn't built into something like IndieAuth today, but with the right DNS settings you could have arbitrary subdomains return the same authentication options and act as easy-to-use "sub identities".
Being pseudonymous is one of the main selling points of Promise.
Only by being pseudonymous can it provide the level of privacy that should be expected from the global authentication infrastructure that Promise wants to be.
Isn't that a problem, like "let's get rid of Google and all the evildoers because they know too much about us" then "oh we realize we created another one which knows too much about us"?
I get where you're coming from, and this is something I've been thinking a lot about.
It would be possible to not save the map, and then use some kind of hashing to infer user ids for each site. I chose not to do this, to be able to guarantee no collisions. This might be silly, though. But the thought of people with colliding user ids makes me giddy.
The data stored looks something like this:
{
  "ids": {
    "example.com": {
      "07c5c163-875f-424c-a659-a4f99e74eb12": "default"
    },
    "other-example.com": {
      "ab38b2a6-d560-43d3-b2a3-9148cd91d1b4": "default"
    }
  }
}
Worth noting is that there is no personally identifiable information (PII) here.
But we have to have the discussion of whether this is "too much" data to keep about a user. AFAIK this is the bare minimum of data needed to be able to guarantee no collisions of user ids. If there is another way to do it, we should do that!
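As an added example (not Promise's or IndieAuth's own code), here are the two approaches this post weighs side by side: the stored per-service map in the shape shown above, and the keyed-hash alternative that derives a pseudonym per relying party without storing anything per service, which is the same pairwise-identifier pattern OpenID Connect specifies. The function names, the service-name normalization and the 32-byte per-user secret are assumptions.

```python
import hashlib
import hmac
import json
import uuid

# Constructed sample in the shape of the stored map shown in the post.
STORED = json.loads("""{
  "ids": {
    "example.com": {"07c5c163-875f-424c-a659-a4f99e74eb12": "default"},
    "other-example.com": {"ab38b2a6-d560-43d3-b2a3-9148cd91d1b4": "default"}
  }
}""")


def normalize_service(service):
    """Canonicalise the relying-party name so 'Example.COM.' and 'example.com'
    yield one pseudonym instead of silently creating two identities."""
    return service.strip().rstrip(".").lower()


def get_or_create_stored_id(store, service):
    """Map approach: one random UUID per service, kept by the provider.
    No-collision guarantee comes from checking every id already issued."""
    service = normalize_service(service)
    ids = store.setdefault("ids", {})
    if ids.get(service):
        return next(iter(ids[service]))  # existing pseudonym for this service
    issued = {i for per_service in ids.values() for i in per_service}
    new_id = str(uuid.uuid4())
    while new_id in issued:  # astronomically unlikely, but this is the guarantee
        new_id = str(uuid.uuid4())
    ids[service] = {new_id: "default"}
    return new_id


def derive_pairwise_id(user_secret, service):
    """Hashing alternative: nothing per service is stored. HMAC of the service
    name under a per-user secret (assumed: 32 random bytes) gives a stable
    pseudonym that differs per relying party; without the secret, two relying
    parties cannot tell whether their ids belong to the same user."""
    service = normalize_service(service)
    return hmac.new(user_secret, service.encode("utf-8"), hashlib.sha256).hexdigest()
```

The hashed form only holds if the secret is high-entropy and never leaves the provider; a guessable secret would let relying parties recompute and link the pseudonyms.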