You've found, or for short.

Since the first Internet Identity Workshop (IIW) in 2005, I've believed that pseudonyms are the key to safety and privacy in our on-line lives.

In particular, it's crucial to build systems that protect people automatically. One way to protect people is to help them choose pseudonymity without knowing it. We're not yet doing that.

The email/password anti-pattern is the worst offender, of course, as it encourages people to use the same ID and password everywhere. But even OpenID, while a superior method, encourages people to use the same ID everywhere. Worse, OpenID makes that ID a tastier target for hackers and phishers: Trick someone into telling you the password to his OpenID identity provider, and you can log in to all the services he uses!

Instead, I believe OpenID identity providers should create pseudonyms for each service, without even explaining to ordinary people why it's important.

So, while attending IIW4 in May, 2007, I registered the domain names and, with an idea to create an OpenID identity provider to give each relying party a different, pseudonymous directed identity. (In February, 2010, I registered and switched over to

The service also provides tools to let you manage the pseudonyms and, as you come to trust each relying party, disclose your "true" identity or correlate pseudonyms to build a larger (perhaps still pseudonymous) identity.
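To make the directed-identity idea concrete, here is an added example (my own illustration, not code from the service described above) of how a provider can hand each relying party a stable but unlinkable pseudonym: the identifier is an HMAC over the canonicalised OpenID realm, keyed by a per-user secret that never leaves the provider. The provider host `idp.example` and the function names are hypothetical.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

# Hypothetical provider host; the post's real domain names are not reproduced here.
PROVIDER_HOST = "idp.example"
DEFAULT_PORTS = {"http": 80, "https": 443}


def new_user_secret() -> bytes:
    """Per-user key held only by the provider; rotating it rotates every pseudonym."""
    return secrets.token_bytes(32)


def normalize_realm(realm: str) -> str:
    """Canonicalise an OpenID realm so that cosmetic variants of one relying party
    (upper-case host, explicit default port, trailing slash) map to one pseudonym.
    A leading '*.' wildcard is kept: it is part of the realm the RP asked for."""
    parts = urlsplit(realm.strip())
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    port = parts.port
    if port and port != DEFAULT_PORTS.get(scheme):
        host = f"{host}:{port}"
    path = parts.path.rstrip("/") or "/"
    return f"{scheme}://{host}{path}"


def derive_pseudonym(user_secret: bytes, realm: str) -> str:
    """Pairwise pseudonymous identifier for (user, relying party).

    Deterministic: the same RP sees the same identifier at every login, so it can
    keep an account for the user. Keyed and one-way: two RPs cannot compute each
    other's value from their own, so they cannot correlate the user across sites
    unless the user chooses to disclose the link."""
    canonical = normalize_realm(realm).encode()
    tag = hmac.new(user_secret, canonical, hashlib.sha256).hexdigest()[:32]
    return f"https://{PROVIDER_HOST}/id/{tag}"


if __name__ == "__main__":
    key = new_user_secret()
    # Constructed relying-party realms for the demonstration.
    print(derive_pseudonym(key, "https://shop.example/"))
    print(derive_pseudonym(key, "HTTPS://Shop.Example:443"))  # same RP, same pseudonym
    print(derive_pseudonym(key, "https://forum.example/"))    # different RP, unlinkable
```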

An open question: While this approach prevents relying parties from correlating pseudonyms, it doesn't solve the phishing problem at all. Once an attacker is logged in to, its tools disclose all of the services in use. What's the next step? How can such a service ensure that relying parties and pseudonyms are not disclosed, even to phishers?

Thanks for listening! Feedback welcome!
