There’s some excitement around the web today among a certain group of high profile techies. What are they so excited about? Something called WebFinger, and the fact that Google is apparently getting serious about supporting it. So what is it?
It’s an extension of something called the “finger protocol” that was used in the earlier days of the web to identify people by their email addresses. As the web expanded, the finger protocol faded out, but the idea of needing a unified way to identify yourself has not. That’s why you keep hearing about OpenID and the like all the time.
But those standards, while open, have failed to latch on in a meaningful way with the public at large. One of the holdups is that you have to set up a website or service you use to be your OpenID. It’s relatively easy to do, and you may already have one ready to go, but just not realize it. But it’s still kind of tricky to explain to a regular web user — wait, you login with your website?
But something everyone on the web knows is their email address. And they’re conditioned by services like Google and Facebook to use it as their identifier. The problem with it has been that it’s just a string of text, nothing more. You cannot attach information to it to let others know a bit more about you — something vital for true identification. Then idea behind WebFinger is that you should be able to attach any information you choose to your email address.
The excitement today is that a group of Googlers have apparently finally not only gotten Google’s support to pursue the project, but that they have started working the technical details. As Googler Brad Fitpatrick writes today:
In other words, we’ve eliminated both technical & political hurdles. We can now work on this spec, implement, push, try, rinse, repeat…. until we’re all reasonable happy.
Googler Brett Slatkin (incidentally, Fitzpatrick’s partner in making PubSubHubbub) explains to us that while it hasn’t been turned on yet, and that there’s still a lot of work to do on the spec, the idea is to go into testing mode soon. Fitzpatrick notes that there will be a small experiment going on internally with some Googlers’ Gmail accounts.
Without knowing much about the technical details behind it, the core idea behind WebFinger immediately strikes me as a good one. It’s taking something everyone knows on the web (your email address) and making it immensely more valuable as a way to identify yourself and information about you. Exactly what kind of information? Here are some of the ideas from the WebFinger Google Code page:
- public profile data
- pointer to identity provider (e.g. OpenID server)
- a public key
- other services used by that email address (e.g. Flickr, Picasa, Smugmug, Twitter, Facebook, and usernames for each)
- a URL to an avatar
- profile data (nickname, full name, etc)
- whether the email address is also a JID, or explicitly declare that it’s NOT an email, and ONLY a JID, or any combination to disambiguate all the addresses that look like something@somewhere.com
- or even a public declaration that the email address doesn’t have public metadata, but has a pointer to an endpoint that, provided authentication, will tell you some protected metadata, depending on who you authenticate as.
This is definitely something to watch for in the coming months.
[photo: flickr/chris owens]
I can’t wait to get fingered.
That’s what she said.
If that is what she is looking forward to, then I pity the foo
Samuel Ryan’s comment already conveyed this humorous angle.
Too subtle for you?
YES.
Google, WE NEED MORE GMAIL IDENTITIES!!! PLEASE!!!
GOOGLENTOLOGY is really impressive!
I am just wait to realesa of google-farth!
yes…Unique identity is a must to have an universal verification. Google’s web finger idea seems to do that soon with e-mail address. This looks authentic and secure and has features to attach any kind of information to the e-mail address. This would help to track end users just by e-mail ids globally.
O Man,
That was the most apt and hilarious comment I’ve ever read online. lmao here
I hope to finger and be fingered soon.
Thanks Google!
PS: I remember in the good old days when you could finger pretty much anyone. Glad to see we are returning to those freer days.
I’m actually serious… but this is so funny to type that I’m second guessing myself.
that was a great protocol. and .plan was the first twitter of all
This isn’t the same webfinger that’s in my history…oh wait, I deleted that one from my history…lol
wow, back to the 12-year-old-boy geek jokes…
what’s next, gopher and archie?
You obviously have no idea what you are talking about.
You are the one who obviously has no idea what you are talking about.
Hmm, you look like a good fingeree !!!
I’d love to be your fingerer
raheem i believe you would make a better fingeree, right up the ass
all these guys make me want to throw up the food i just ate. ugh. it is lulz though.
who let the girl in our clubhouse. didn’t you read the sign? No Girls Allowed.
Cool, this reminds me of WHOIS records for domains.
Maybe they could integrate this in with CrunchBase, heh. Free idea!
I’m hoping for this.
I told my Mom this same thing… she signed up for a GMail today, and it’s setup like this: last.first25@gmail.com.
I was like, “Mom, why did you pick 25?”
Her: “Cuz that’s how old you’re gonna be”
I was like, “Mom, you realize this could be your email address for life. You can’t change it every year”
Then she took another sip of wine.
HA
hahahaaa. i helped my dad set up a hotmail and he forgot it in less than 5 seconds. i am not a friend of old people. also maybe she just wants to remember you at 25.
yeah this would work well. this would work no matter what technology was used….ie. php/asp/java etc.
i think scripting languages are going to dominate the landscape soon and web finger works really well with JavaScript which is a good mid point for php and Python
cool!
Better then getting poked….or is that just me?
Just thinking out loud here…but when is IRC coming back?
I think we left IRC, I don’t think IRC left us… I’m just sayin’
Internet Chat Relay? I still use it everyday!!
only issue i see is getting spammed! if i list my username then all heck (hell) will break lose!
i dont want my email to be an ID!
agreed
Gee, having lived through finger in pre-web days and watched various evolutions of protocols come and go, I could have swore that the whole purpose of LDAP was to facilitate precisely what is being described here. Yet another wheel being re-invented?
I just posted before reading this article my solution to this problem (slide 8): humanid number. http://humanidp...t.blogspot.com/ A unique number you purchase and keep in a universal database. All your personal data belongs only to you and owned by you.
Have a look at the handle system http://handle.net – roots in digital persistence, funded by you know who, and close enough to be DNS for everything else. While I’m at it, let me ask a question: What if I could copyright my SSN? Who owns it, me? the government? both? The power of identifiers is just that – power. If you or the government you are represented by do not own the digital equivalent of “you”, then digital identity is largely ephemeral with the added benefit of all the downside.
An appropriate unique ID really depends on its intended use.
If you were trying to come up with a guaranted unique numbering scheme that people can self-determine, and that could also be relatively easily verified, you might go with something related to an experience that we have all been through: your UTC date and time of your birth, combined with the precise latitude/longitude/altitude of your birth. You, alone, were born in that exact place and time, and it’s an experience that we all share – everyone after Adam and Eve, I suppose.
You actually possess a range of numbers, depending on the precision of the time and geo-coordinates, and so you could potentially use different numbers for different purposes.
And if you were born on the 3rd floor maternity wing, but someone was born simultaneously below you in the hospital garage, sea-level-based altitude takes care of that.
It’s a system that can be used for many years – although people born on other planets are a little tricky to calculate, as you need to connect the line between the center of the earth and the birth location, to determine what “earth-based” latitude / longitude / altitude you should use. But it’s still a unique number.
Get to work on that system!
1. Many people don’t know their exact date/time of birth, let alone exact coordinates.
2. Other people surely don’t know your date/time coordinates, so they can’t look up data on you based on that. They do know your name / email. That’s actually what makes it your name – that other people know you by it.
3. On the web, people don’t want a permanent ID. Being able to create new emails from time to time is good.
damn the name webfinger makes me horny.
One thing I wish I had was a system or service that would track every service I’ve ever used or registered for with a given email address.
I want to stop using an archaic address I signed up for years ago and I have no idea of knowing the hundreds of forums and newsletters I’ve signed up for over the years.
yes. something like this should happen. i want to know all the other fake id’s i’ve set up for various websites and services.
Periodically start fresh. It’s cleansing. You can leave behind the baggage.
Pick a new unique ID and start using it today. Remember, there are people born every day who haven’t yet used the internet, so you wouldn’t be alone in being a noob.
Only before Google takes over the world?
What I’d really like is a Facebook Connect for B2B or LinkedIn Connect so that I can authenticate the business visitors to my website and let them easily download content over multiple sessions. This would be idea for lead generation. As far as I know the existing ID tools wouldn’t really work well for this becasue they are mostly based on personal email address and don’t support the info I currently ask for in the lead form. It would be nice if this WebFinger could do that but I suppose you’d need a Google Apps account.
Assuming a unique connection to Gmail, this project be hard pressed to achieve mass appeal. It needs to be truly independent from all proprietary technology to be successful.
In case someone hasn’t already pointed it out, this bit: ‘It’s an extension of something called the “finger protocol” that was used in the earlier days of the web to identify people by their email addresses’, is somewhat incorrect, due to the common identification of the web with the Internet.
They’re trying to do what .tel does with email addresses instead of domains, in a much more complicated manner.
yupp.
Cool. And how about linking a phone number to it?
Is it just me, or are you all happy at the fact, that Google is now that much closer to having the ability to explicitly track your every action on the intranets.
And you all seem to be happy. Kind of like a National ID, except of the government, you all are screaming for joy.
I’d be happy to get any points of view that I seemingly must have missed.
the fact that you don’t have to have one, and that if you do have one it can only include information that authenticated parties can see, and that it is a protocol not a service so you wouldn’t have to use google’s servers or services in order to implement it for yourself if you were really worried about it.
Indeed, but you see in theory, “Authenticated Parties” surely does sound nice.
But, those “Authenticated parties” are known to do just about anything under pressure. So while they are in the green, they keep singing, but the second they see the red approaching, all bets are off.
In either case, I feel uncomfortable enough having google keep history attached to the gmail. Anything else for sake of convenience is a no go for me.
It’s not just you, pard. I’d be scared not only of uniting identity info under GoOgle, but also of the credibility issues that will arise. Identity theft possibilities will run rampant, of course, as will identity impostors. And GoOgle has proven itself not to be of full integrity in the realm of PII protection/respect.
nope. i was just going to post my comment at the bottom of the page about how finger id was used in the past, but i don’t know if it’s something i want to be re-reinvented again. is it really that necessary. i don’t want to have one id. i like how i can do things now. times have changed.
I’ve been secretly hoping the web will unite under 1 sign-in for each person. There is openID, but I’ve not seen it used in many places. I keep seeing “sign in with facebook” or twitter, or a dozen other services, and it can all be a little daunting.
I would like it if Google lead some kind of movement to unite sign-ins, and this, perhaps, is teh start of that. I truly believe Google aims to better the Internet, so screw all those people who think Google are too big.
Of course, there’ll always be sites that won’t use something like this, unfortunately.
I have to agree though with some of the issues raised in other comments, regarding spam and privacy.
I would love this, but with the way the internet works right now it just isn’t a viable option.
everytime i go to a site that i have to use open id and use one of the various ways of identifying myself i curse, because although useful, i don’t like it. if i want to post a comment on your blog but i ahve to have an openid…i won’t feel like returning to your blog and keeping up with your updates. why do people need to know who another person is on the wwb. i don’t want to have a singular id to use for every website i visit. if it makes my life easier then i will consider it.
why do you want to be anonymous?
Because we are a legion.
/b/
because it’s the internet. i don’t want my id broadcasted to everyone online.
That’s how you use ‘freedom of speech’ right!
Wow… last time I used the “finger” command was 15 years ago to find phone number of teacher at university… Forgot how useful it was. Interesting development to “[bring] back the finger protocol, but using HTTP this time.”.
None of this solves the real problem that inherently ALL Internet email remains more public than a POSTCARD…
Spam is obviously a concern. Also, I use aliases for each service I sign up for. apple@domain for iTunes, facebook@domain for Facebook, etc.
Can I just have my domain be The Finger?
Well whats new about this…I am not sure… I am working on developing and marketing EasySecured Password Less which offers better security to your online account.
can somebody finger me i want to check if my new .plan works
zctl sub message \* \*
you forgot to make it world-readable.
I hate this… knowing google it won’t allow you to have more than one finger…
what I mean is one google account open all at a time…. sign out of one, sign out of all..
yeah i think people got your original comment.
Could that be solved with a smarter browser?
Something like the FF CookieSwap addon, but better?
This doesn’t solve the trust problem. How can http://www.bigf...nancialbank.com trust an identity from slacker@noname.com?
This seems like a natural evolution of the iFart API. I hope the government looks into regulating this
At the core I think its a good idea.
One of the many reasons that Facebook resonates from a purely link sharing through e-mail perspective is because it sorts out your contacts e-mail address the same way that a cell phone remembers a contacts phone number. It is much easier to send information to contacts that you have not taken the time to organize within your e-mail client by actually having entered all of the pertinent information in addition to the e-mail address utilizing a socially networked database. Google profiles and products services like Gist that allow you to self designate this information or organize it automatically will affect this dynamic. Pull my finger.
Wow… and soon Gopher back? Silly…
Well, it sounds like a great idea.. We will see soon I guess
I (like many people) have different email addresses for different purposes. I hope this is taken into account as they flesh out the spec so there’s no need for duplication of date.
pull my finger!
Speaking of WebFinger, Google gave me the finger.
Gmail is a free service and if, like me, your account gets hacked and you no longer have access to it, Google doesn’t care. Hey it is a free service. If your identity is wrapped up in your Gmail account, it is now gone. Access to your blogspot weblogs and many of your other Google services are also gone.
I tried going through all their circular FAQ paths to get it back. I even tried reaching out to google employees I had some vague connection with.
Nothing.
Through my research, you need to have a real good friend in Google for anything to happen.
MarkDilley@gmail.com is now MarkWDilley@gmail.com and it sucks to lose your Google identity.
How is pairing with WebFinger going to help any of this? Is their answer really, ’such is the life of an Avatar?’
What can an average person do to get their Gmail identity back? Let’s start our own FAQ – http://AboutUs....urGmailIdentity
Quick question..
Does this make mail sent to flag@whitehouse.gov more fishy or less fishy?
Not only does this allow for privacy-invasive tracking (did you know that my real email address – not the one I use on TC, which expired years ago – is used on many accounts that no one else has any idea I use it on? With this sort of technology everyone might learn at least some of my secrets) but it also allows for blatant, open, and socially acceptable discrimination against everyone who doesn’t have this sort of profile data baked right into their email addresses.
The day will come (probably sooner than later) when Web users will be discriminated against for not having an email address with all of the “required” information baked into it before they join a forum, leave a blog comment, join a web service, etc.
For example: If Arrington wants very fine-tuned, granular control over who is leaving comments on this blog, he could (theoriticially) choose to filter out any comments from people with non-Google profile-data-enhanced email addresses.
The only good part of this project (for now) is who is undertaking it: Google. Google’s email service is not that popular (at least not yet), so only a small subset of the online population will be “card-carrying”, so to speak (it’s the online equivalent of being required to flash your “license” or “papers” every time someone looks your way; it gives me creepy Nazi Germany vibes just thinking about it).
If Yahoo and/or AOL were to adopt this standard and if blogs and other sites were to adopt it as a requirement for joining online web services or for leaving comments or forum posts, it could spell the end of the anonymity on the Internet as we know it (of course, if this “spec” became the norm across multiple email services, to preserve our anonymity we could – and should – create “garbage” or “disposable” identities [with no personally identifiable information attached to them at all] to circumvent the data-richness of such email addresses).
Big Brother, sliding in on us another inch day by day…
okay i am just dismantling my google love, but seriously i know the idea is a good one but i don’t want to be fingered by google.
good lord. now everyone will be able to see which porn sites i’ve subsribed to using this email…?
What is a JID?
A JID is a Jabber ID: http://en.wikip..._and_addressing
my biggest issue with openID and all the other mechanisms is that cut back on my privacy. at first i though openID was a great idea as i would no longer have to provide personal info to some of the site i entered. the reality is that instead most sites that began to except openID had previously been completely open and i very much preferred them that way. please i do not want anyone to learn any more about me from my email address than what my email address is.
+1 for privacy
I think we need to clarify things a bit here. Webfinger is only a discovery protocol. It’s objective is to tell an application where your personal information is located. However it does not actually hand over your personal information. That is left to downstream applications like OpenID and other identity protocols to handle.
For those who have expressed privacy concerns here, I would like to say that the people “in the know” who are working on these downstream applications have discussed and addressed those concerns.
Gopher and archie – the return… Can we bring back BBS’s too?
Finger…lol…
/me slaps MG Siegler around a bit with a large trout
Here’s yet another reason for my mother and brother to be paranoid. They convinced me not to set up a Google profile because it would be too open. Turns out that it may be beside the point, since Google apparently wants to do away with privacy altogether.
Also, this would make it even easier for dictatorships like China to crack down on dissidents. Google is incestuous enough with the Chinese Stalinists as it is.
THEN idea behind WebFinger is that you should be able to attach any information you choose to your email address.
not much you can do though about “…until we’re all REASONABLE happy.”
No. 1) People did do and will always change their email addresses for any of the following reasons: a) Spam. b) Avoid people. c) Vanity or other reasons. d) Change to a different vendor. 2) An Email address, like a mobile/cell phone number is associated with a specific technology, therefore, if that technology is surpassed, the identifier will become obsolete. 3) An email address is not as convenient to exchange as, say, a phone number.
A far better solution is a neutral identifier, say a 1 to 30 character alphanumeric iD that is cross references to a secure database – with full user control over the data associated with the iD.
My employer has much experience in this and perhaps we can share our thoughts in due course. There are many issues to be considered, from privacy to scaleability.
more mind control from our “friends” at google. The ones so eager to consensually pass your data to google (like you’re passing a salt shaker) should take a good look at just how much they already know
http://www.seom...data-collection
Seems to me the webfinger just makes it easier to complete the identity puzzle.
Does the slight convenience justify the potential for abuse?
Somethings everyone in the Webb industry ignore:
1) Each one of us at least one fake account.
I got 4.
2) Some of us has either several real email accounts, one as a primary and secondary
3) With all the names that already taken, what email addresses will be available for the next generation.
I agree completely. As the result of the lack of “alpha” names. I think the next generation will utilize numeric identification on the web. Unlike in the 1980’s when having a cell phone was a business luxury. Each of us have now has a cell phone. We keep our cell phone number longer now. In fact, many of us no longer have land lines because our cell phone is our primary method of communicating with others. It’s time that our cell phone numbers become our Domain Name on the Web. xxx-xxx-xxxx.com. It uniquely identifies without putting us completely out there.