A9 search

Amazon has been pumping up its A9 search engine this week. It’s been getting stacks of press, and I even noticed this evening that an A9 search box has replaced the standard Google search box over at IMDB. (Probably not surprising, since Amazon owns IMDB, too.)

I remember taking a look at A9 when they soft-launched the beta earlier this year, and thinking, “meh.” Looking at it now, though, they’ve really thrown some coals on the fire. Multiple lists of search results on a single page make it a power searcher’s dream. It makes heavy use of personalisation, automatically keeping track of your search history. And if you install the A9 toolbar, it will even provide the “Personal Search” functionality I was so interested in having back in February:

“With the A9 Toolbar all your web browsing history will be stored, allowing you (and only you!) to retrieve it at any time and even search it”

The only problem is, now that it’s here, I feel somewhat reluctant to actually use it.

Amazon are quite up-front about what they’re going to do with people’s A9 browser history: they’re going to correlate it with their Amazon customer history to improve the customer experience they provide. Their privacy policy says pretty unambigiously:

“PLEASE NOTE THAT A9.COM IS A WHOLLY OWNED SUBSIDIARY OF AMAZON.COM, INC. IF YOU HAVE AN ACCOUNT ON AMAZON.COM AND AN AMAZON.COM COOKIE, INFORMATION GATHERED BY A9.COM, AS DESCRIBED IN THIS PRIVACY NOTICE, MAY BE CORRELATED WITH ANY PERSONALLY IDENTIFIABLE INFORMATION THAT AMAZON.COM HAS AND USED BY A9.COM AND AMAZON.COM TO IMPROVE THE SERVICES WE OFFER.”

I was a little bit freaked out when I visited A9 earlier in the week and found the “Hello Mr Martin Sutherland” welcome message at the top of the screen. I didn’t remember ever signing up with A9, and a quick look through my password safe showed that I didn’t have a separate user name for it. But because A9 is an Amazon subsidiary, they share their cookies, and so they can use my Amazon login to identify me.

Cross-domain cookie sharing is often considered a bad thing, because it indicates information leakage. How happy are you if Company X decides to suddenly share your private information with Company Y without notifying you–even if you had previously agreed to their privacy policy? (Though probably without reading it.)

A9 is a wholly owned Amazon subsidiary, so technically they are the same company. Also, I like, trust and respect Amazon as a company. (Heck, I applied to–and still want to–work for them.) Put together, these two statements should generate a nice bit of syllogistic synergy to give me warm fuzzies about A9. But they don’t. There’s something about the relationship, and the sharing of personal information that makes me feel…icky.

It’s hard to quantify exactly where the Ick Factor starts. I’m happy enough to leave Amazon in custody of all my book, music, and DVD browsing and shopping information. I have absolutely no problem with that. In fact, I want them to use it to improve my shopping experience.

But also giving them access to all my search history, and potentially all my browsing history? Um, no.

I think that A9 recognizes this. In addition to their fully personalised site, they also offer generic.a9.com, an anonymous version of the search engine. You still get the multiple search panels, but they don’t tie your searching back to a specific identity.

But is the non-personalised search really that much better than, say, raw Google? I think it’s a “damned if you do, damned if you don’t” case. Without personalisation, A9 is only an evolutionary step in terms of search; but with personalisation they go too far.

So why don’t I have the same icky feeling about Google, which I’ve been using almost exclusively for several years now, and which also has the ability to track its users’ search history? Well, I kind of do when it comes to Orkut, their social networking service. And this is, I think, the crux of the matter: I am happy enough entrusting specific chunks of my on-line life to specific companies. It’s when they start clubbing together to aggregate my personal information that it all becomes icky.

And then we’re back at national identity cards. Sigh.

We’re only a decade or so into the Internet Age, and there’s still a long way to go in terms of clarifying mores and defining a social contract between individuals and collective entities. This is all going to be really big and important over the next ten years, isn’t it?

Related links:

Establishing Identity

I’ve been thinking a lot about identity lately. Not in the psychological sense, but in the sense of establishing that you really are who you say you are. No matter where I turn, I keep stumbling across the issue:

  • Last week I had a dream about being on the run from the law. Fortunately, in the dream I had set up bank account under a fake ID, and I could still withdraw money without triggering any alarm bells.
  • On Sunday evening I was filling out a passport application form for Fiona. In order for the application to be processed, it will have to be countersigned by “a person of standing in the community” (e.g. an accountant, doctor, teacher, etc.) as evidence that I am Fiona’s father and not just some random dude applying for a passport on her behalf.
  • I’ve been looking at the new commenting features in Movable Type 3, and trying to untangle the shambolic mess of tags, script, and settings needed to provide integration with the TypeKey authentication service.

I have often thought about setting up an alternate identity. You know, just in case I might really need to go underground some day. How about you? How far have you gone down that road? In the questions below I’m not talking about nicknames, married/maiden names, names changed by deed poll, or other changes of name where your fundamental identity remains the same.

On-line:

  • Have you set up an email account under a different name?
  • Have you corresponded with other real people through this email account?
  • Have you set up a web site or a blog under that name?
  • Have you posted a comment or written an article on a third-party web site under that name?
  • Have you researched and fleshed out the background of this alternate identity to a greater degree than just name, gender, date of birth, and country of residence?
  • Have you set up a Paypal, or other online money transfer account under this identity?
  • Have you always used an internet café, or an anonymising proxy server for your online actions under this identity? (So that your actions can’t be traced back to your own internet account?)

Real life:

  • Have you ever rented a mailbox or a storage locker under a different name?
  • Have you ever acquired fake official id documents (drivers license, passport, etc.) under your own or a different name?
  • Have you ever acquired real official id documents (drivers license, passport, etc.) under a different name?
  • Are you acquainted socially or professionally with anyone who knows you under a different name?
  • Have you ever used these fake papers to prove your identity for some purpose?
  • Have you ever acquired a credit card or a bank account under a different name?
  • Have you ever paid for goods or services with funds from this card or account?
  • Have you made sure that there is no link between your real home address and the address in which the alternate identity is registered?

Score one point for every “yes” you had in the On-line section, and three points for every “yes” under Real life.

Although false identities can be used as vehicles for doing harm, neither the on-line actions I noted above, nor their real-life counterparts are in themselves harmful. Yet the real-life actions carry so much more weight, because identity in the real world is a much more serious thing than it is on-line. It’s serious enough that in many places, establishing an alternative identity is a criminal offense.

People are already twigging to the fact that on-line identity can be equally important. Microsoft’s Passport system was mostly intended as a single sign-in mechanism to help users log in to multiple sites without having to remember multiple user IDs and passwords. It tackles the question of identity in a de facto kind of way: by gradually bundling all your systems access into a single login (“passport”), this login becomes your primary on-line identity.

Six Apart’s TypeKey authentication service comes at the problem from the opposite end: from the outset, TypeKey has been all about identity, with single sign-in thrown in almost as a fringe benefit. It is being sold (in a “free” sense) to users as a mechanism for proving that you really are Joe Bloggs. If you leave a comment on blog X, your TypeKey identity can prove to the blog owner (and to other readers) that you are the same Joe Bloggs who left comments on blogs Y and Z.

However, in support of the axiom that on the internet, no-one knows you’re a dog, there is no way for TypeKey to establish that the identity “Joe Bloggs” doesn’t in fact belong to the real-life “Jane Doe”. And conversely, Jane Doe is free to set up multiple TypeKey accounts, so she can also be posting comments as “Adam Smith” and “Mary Robertson” whenever she feels like it.

FOAF and XFN are ways of establishing chains and webs of trust (A trusts B, B trusts C, therefore A trusts C, but possibly to a lesser degree) in a distributed manner. PGP (or GnuPG) public key signing provides a decentralized way of proving an identity, and as such is an alternative to TypeKey, but again with nothing to stop someone from having multiple identities.

As governments become more eager to distribute services on-line, finding a way to extend each individual’s single real-life identity into the on-line space is going to become more and more important. (Hello, biometrics.) Identity is also inextricably tied up with security, the buzzword of the decade, and as such will also be one of the keys to rolling back the tide of spam.

In real life, it is unusual and intuitively suspicious for a person to have multiple identities. On-line, though, it is almost the norm to carry around a different persona for every occasion. The present anonymity of the internet makes this possible. But with an increased focus on identity and security, is this a situation that can continue? Is anonymity a fundamental property of the virtual world, or is it just a passing phenomenon, indicative of the medium’s immaturity? Will it eventually become taboo to represent yourself on-line as anything other than your real-life persona? Or is the freedom to be whomever you choose something that our society is going to accept on a long-term basis?

It keeps me up at night, wondering if now is the last time I’ll be able to feasibly establish a new identity with the low-tech tools at my disposal. If I don’t do it now, will I regret it in twenty years’ time, when the UK has turned into an oppressive totalitarian surveillance state, and my humble blogging attracts the strict attention of the net police?

Okay…straying too far into paranoia there. But you know what I mean. Don’t you?

European Union Enlargement Day

To everyone in Cyprus, the Czech Republic, Estonia, Hungary, Latvia, Lithuania, Malta, Poland, the Slovak Republic and Slovenia: Welcome to the European Union!

Welcome to the EU

Personally, I’m looking forward to increased immigration from these countries, and to seeing more products from Eastern Europe on the shelves of British shops. I’m looking forward to seeing the new member states influence the identity of the expanded Union. I’m looking forward to easier travel arrangements, and new opportunities for tourism, student exchange, and cultural exchange. I’m grateful that my taxes are being used for an immensely ambitious project to share the wealth of Western Europe with a host of countries that are not so well off.

And no, speaking as a Socialist, I’m not being sarcastic.

So, again, to my new fellow Europeans: welcome. I’m glad to have you here.

More on fingerprints

I’d like to spout off about fingerprints and biometric ID cards, but I’m running into several problems. First of all, I know enough about computer security, and security in general, to realise that I don’t actually know very much at all. Secondly, getting to the point where I could talk about it knowledgeably and maybe contribute an original thought or two would take a good deal of effort, and I’m waaay too lazy for that. And finally, I have friends who do security for a living, and they’d lay the smack down on me if I decided to talk buttocks instead of doing a properly researched article.

A small note on buttocks: this has become my new favourite word after listening to last week’s edition of The Now Show on Radio 4, when Marcus Brigstocke uttered the wonderful line:

“Your argument is buttocks. It stinks, it has a large crack up the middle, and frankly, it’s beneath you.”

So I’ll point you to some articles by Bruce Schneier instead: Fingerprinting Visitors Won’t Offer Security, IDs and the illusion of security and America’s Flimsy Fortress.

I don’t think that biometric identification is a bad thing in principle, so long as it is applied in a limited, secure, and privacy-conscious fashion. If there does have to be some way of “definitively” proving that a passport, ID card, or bank card belongs to the person holding it, then fingerprints or iris scans are relatively simple and immutable. Photographs are dodgy, signatures are too easily forged, and PIN numbers and passwords are too easily forgotten if you don’t use them regularly. (Ask the IT helpdesk of any moderately large organisation.)

However, that’s all it does: prove that the holder of the card in question is who they say they are. It doesn’t say anything about what you can do with that proof, like withdraw money from an account, or enter a country. Would a US customs official allow, say, Osama Bin Laden to enter the country just because his passport confirms that it geniunely belongs to him, and no-one else? No. You can’t do anything with identity alone. It’s like having a user ID with no email account to use it on. In order for identities to be useful, they have to be linked to some information.

For bank cards, this information is a bank account. Once you’ve proved who you are, a bank can link this identity to their database of accounts, and allow you access to the right funds. Likewise, what the new US border controls are intended to do is link your identity (as proved by a fingerprint, or a biometric passport) to their database of naughty people. If you are a naughty person, they will arrest, deport, or disappear you as appropriate. (Did I say “disappear”? Surely not!).

Generally, people will agree that keeping naughty people out or their country, or arresting them so they can’t do any harm, is a good thing. And it is. The real problem is how we define “naughty,” and how we allow that definition to change over time. Right now, we might be just talking about criminals with outstanding warrants, and visa violators. Should speeding tickets or parking violations be taken into consideration? How about information about your P2P music sharing habits? The allegedly defamatory comments you once left behind on someone’s weblog? History shows that once governments are granted a new power, they are very reluctant to give it up again. From Bruce Schneier’s essay “Fingerprinting Visitors Won’t Offer Security“:

“The U.S. system of government has a basic unwritten rule: The government should be granted only limited power, and for limited purposes, because of the certainty that government power will be abused. We’ve already seen the Patriot Act powers granted to the government to combat terrorism directed against common crimes. Allowing the government to create the infrastructure to collect biometric information on everyone it can is not a power we should grant the government lightly. It’s something we would have expected in former East Germany, Iraq or the Soviet Union. In all of these countries, greater government control meant less security for citizens, and the results in the United States will be no different. It’s bad civic hygiene to build an infrastructure that can be used to facilitate a police state.”

Security, as Schneier is fond of saying, is a trade-off. How much convenience and privacy are you willing to give up in return for a given increase in security? For a measure like fingerprinting visitors and requiring biometric passports, which won’t go any great distance towards combating terrorism, the answer should be: not much. But once these measures are in place, the potential for future privacy abuses will be boundless.