December 2, 2008

Facebook Connect and a failure to understand online identity management

Facebook has recently announced the rollout of a new feature called Facebook Connect, which will allow users to login to other websites using their Facebook identity and information and which will then potentially feed back to a users Facebook network information about their actions on the site (“Amanda is watching a video on Hulu”). Sold as an identity management system, and similar to programs announced this year by other major internet players like MySpace and Google, and these features purport to save the user time and energy by allowing them to port over personal information and in the case of Facebook, privacy features, as well as to up the social nature of the use of these secondary sites by allowing users to “bring their friends along.”

However, these new tools seem to ignore a fundamental disconnect between our online and offline identities. In the offline world, we don’t present ourselves in the same way to all people in our lives – we show different sides of ourselves to our mothers, our friends, our employers. And even in the age of fine-grained privacy tools, those tools do not eliminate the complexity of figuring out how to best present oneself in a multi-use public space, particularly for those who have personal, professional and family contacts on these sites. Not only that, on Facebook, how others use the site through comments, wall posts and tags and how that information is connected to you via that other person’s feed, also adds additional layers of complexity to online identity management. How information flows through an online network isn’t always clear until suddenly it is made mortifyingly obvious. And now, Facebook is adding yet another layer of complexity on top of this, yielding a new round of personal behavioral scrutiny: is it OK for my coworker or professional colleague to know that I was watching a video yesterday? Or that I shopped at the Discovery Kids website? Do I want them to know that about me? And what about my child who uses these services?

More essentially, do I want these other websites to have access to all the personal information that I have (or my child has) provided to Facebook (or Yahoo or Google?) Or do I want them to have access to a more limited amount of information? Or do I want to use a different identity with them? Maybe I want to use my work address? Or home address? Maybe I want my interaction with a particular site to be purely professional or purely personal? The core of these questions boils down to: Do I trust them?

Our offline identities and the manner in which we manage them are complex. Even with advances in privacy controls we still do not have perfect online analogs for the subtleties of offline interactions and relationships.

All of these new technologies may be promoted as a time saving tool but ultimately they also require a loss of flexibility in how I share my personal information that overwhelms what ever time savings I reap from avoiding the onerous burden of typing variations of my information into yet another web site registration form. On top of that, they burden me with a constant self-surveillance of my online activities beyond what’s already required as a part of my participation in an online social network.