Automattic, Gravatar, and the Elusive Unified Identity
I think I will be blogging with more discipline now. Everyone needs a break from constant writing, and I think I’m done with mine. I miss your comments.
Also, no more Adsense, it was only an annoyance.
Anyway, the most interesting news in the blogging/tech world today, delivered to me via my Wordpress dashboard (Wordpress is the software powering this and millions of other blogs), is that Automattic, the maintainers of the Wordpress project, have acquired Gravatar, the simple tool popular on Wordpress blogs that creates a unified avatar image for you across blogs.
An acquisition of one small project by a startup is always interesting, but this one is particularly peculiar. Why Gravatar? The creator of Wordpress says it was “a good fit”. What does that mean? Sure, Gravatar integrates with Wordpress, but so do thousands of other plugins. Why this one?
The reason is unified identity. The evil OpenID. Gravatar’s offerings are used by many thousands of people wishing to use the same pictorial identity across sites. And, although the feature is not widely used, a wordpress.com account can already be used as an OpenID. You also need a Wordpress.com account to use any of Automattic’s Wordpress plugins, like Akismet. As Wordpress expands and grows, you can bet that more and more sites will require a Wordpress account- or, at the very least, an account with an OpenID server. Wordpress is betting big on OpenID the evil OpenID. If OpenID as a unified login service takes off, you can bet that Wordpress.com will be the #1 OpenID server. What does that mean for you? It means this guy will have access to not only your surfing habits, but also your passwords:

I love Wordpress. But the relentless specter of OpenID, now championed by Wordpress, scares me.
My posting schedule is incredibly erratic. Instead of checking back here and being disappointed, grab the feed.


OpenID doesn’t give anyone access to passwords any more than regular sites have access to passwords. And if they’ve built their system correctly, passwords will be stored encrypted.
You also have a choice with OpenID. You don’t *have* to use WordPress.com. You could run your own or get an OpenID from someone you trust equally.
I also doubt that WordPress will ever be the biggest OpenID provider; I do think, however, that they’d be wise to embrace the protocol and offer an example of how to be a benign OpenID provider.
To clarify, the guy in the picture is the creator of Wordpress. A regular site only has access to your passwords for that one site- an OpenID server has access to your passwords for EVERYWHERE. Encrypted passwords can be cracked, and all it takes is one malicious employee….
Sometimes it is just frustrating for us ignorant users; it seems that once you almost figure something out, another better thing comes along. It would be great if we could login everywhere with just one set of user and pass. Of course this does bring into play that the person that breaks your logon will have access to everything.
I certainly think that the combination of gravatar and OpenID is a natural one. I won’t believe that OpenID is being “championed by WordPress” until WordPress is an OpenID consumer, as well as an OpenID producer.
@Ilya: OpenID removes the need for remote passwords. I’m not sure how being an OpenID provider gives away your passwords “everywhere” since you only ever have one username and password — to your OpenID provider! It is true that you’ll need to trust your OpenID provider, but how is that any worse than getting a credit card or bank account? And as I said, you can just NOT use WordPress.com.
@Jane: that’s the point of OpenID. Instead of using the same username and password everywhere (meaning that more people are storing your raw username and password), you use one OpenID and then authenticate against your identity provider. This means that you only have to remember one URL and one username and password combo. And it means that you’re not shopping around your username and password everywhere — remote sites only know your URL, which is more or less the same as knowing your username.
To tell you the truth, I don’t use Gravatar because I have never really understood it. :/
The acquisition will do good for gravatar though. It was kind of declining in popularity and it was declining. But it might pick up again after this… Though I still prefer using MyAvatars (takes pic from MyBlogLog)…
honestly there aren’t THAT many major ones to log in to, but on the other hand it can be a pain in the ass…would be nice if there was one universal one but then that would be like a monopoly. Btw that shirt is pretty damn funny about blogging ur mom
I like to obtain some anonymity online. I use AKA’s to write on different blogs or comments. I don’t want to be spidered into some aggregation company taking my feedback and pooling me into some “author” category with a robot. Let’s make their job harder! Remain anonymous, unless you are a monopoly, then you have to express it outright or I’ll sue you! WTH am I talking about.
I don’t understand why u are not interested about adsense? how many ads u wanna use depends on U. if u use the ads in a right way in positioning then they don’t make things worse to look. and the other things u said is ok.
I think it could be a good move from the company. Like it or not there is a market for such a product, and they are in a favorable position to harness it.
Well it’s a company and companies do what companies do, buy, sell, destroy, kill etc…
Lol, Google does not kill
I want that tshirt!
I’ve actually created a Gravatar class if you click the link in my name. Loosely coupled and works like a dream - it also has a cache with an expiration date for the avatar - to save on loading times. It can merely load the avatar in locally.
Adam @ TalkPHP.com
Do I sense a touch of paranoia here?… I believe that you’re confusing “authentication” with “tracking”. Things like the MS Passport, Yahoo ID or Google ID can, indeed, be used for “tracking” browsing habits, since the authentication is centralised — it means that a single entity has complete control over where and how their users’ authentication is being employed.
OpenID is a radical departure from this concept since it provides complete decentralisation. Anyone can set up their own OpenID authentication server — and use the OpenID URL from your own server, which only you can track down — and nobody else.
So it’s the exact opposite of your claim! Instead of “It means this guy will have access to not only your surfing habits, but also your passwords” what it actually means is that nobody will be able to track down your surfing habits if you host your own OpenID server (or, well, use one that you fully trust).
The beauty of the system is that you don’t actually need to “register” on people’s blogs to drop comments. You just provide them a URL and nothing else. The only entity that ever sees your password is the OpenID provider you picked. But, if you’re insanely paranoid, you can easily become your own OpenID provider — you don’t need to trust anyone else! — and your OpenID URL will work on all OpenID-enabled applications. Even if your lowly server is running on an old 486 at your home, fully secured behind triple firewalls.
I believe that you should spend a bit more time reading deeply about how the decentralised OpenID model works before giving in to rampant paranoia. Your other post seemed to indicate the same trend of mindless fear: “one login for the whole of your authentication”. That’s simply not true; you can have as many OpenID URLs for authentication as you wish (even on several different OpenID providers, or even several different ones coming from your own OpenID server at home!), and use them differently. The difference is that instead of registering to 56,376 sites, one by one, giving out all your data each time you want to reply to a blog/forum/wiki anywhere, you just need to place one of your many URLs. Of course you can have different identities/personas, each with their own OpenID, and use the one that’s more appropriate for the site where you’re contributing. Of course each of those personas’ URLs can be on different OpenID servers, so that they can’t be correlated with each other. Of course you can create a network of very close-knitted, paranoid friends, all having their triple-firewalled-computers standing at home, and agree with them to run OpenID servers on each, and only ever use OpenID URLs coming from this “ring of extra-secure servers from known and trusted friends”. OpenID allows all of that. And it does the job quite well.
Really, I think you’re missing the point totally. It’s not about WordPress “taking over the world” and “forcing” you to register an OpenID account with them — yes, another account, like everybody else. No. It’s about allowing all blogs and bloggers using WP to accept the most decentralised authentication model currently in existence, and allowing registered users (on someone’s OpenID server, not necessarily WordPress.com’s) to bring all their information (nickname, email, Gravatar, blog address) when posting.
If they wish.
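Added example, not part of the comment above and not code from WordPress or any OpenID library: a sketch of what a blog acting as an OpenID 2.0 relying party receives and checks when the provider redirects the user back, showing that only a signed claim about a URL crosses over, never a password. It assumes an HMAC-SHA256 association key already shared with the provider and discovery already done; the `example.org` URLs, handle, nonce and function names are constructed for illustration.

```python
import base64, hashlib, hmac
from urllib.parse import parse_qsl, urlencode, urlsplit

# Fields this example requires the provider's signature to cover.
REQUIRED_SIGNED = {"op_endpoint", "return_to", "response_nonce",
                   "assoc_handle", "claimed_id", "identity"}

def sign(fields, signed, mac_key):
    """HMAC-SHA256 over the Key-Value Form ("key:value\\n") of the signed fields."""
    kv = "".join(f"{k}:{fields['openid.' + k]}\n" for k in signed).encode()
    return base64.b64encode(hmac.new(mac_key, kv, hashlib.sha256).digest()).decode()

def provider_redirect(mac_key, claimed_id, return_to, nonce):
    """Provider side (constructed sample): build the redirect back to the blog."""
    f = {"openid.ns": "http://specs.openid.net/auth/2.0",
         "openid.mode": "id_res",
         "openid.op_endpoint": "https://op.example.org/server",
         "openid.claimed_id": claimed_id, "openid.identity": claimed_id,
         "openid.return_to": return_to, "openid.response_nonce": nonce,
         "openid.assoc_handle": "constructed-handle-1"}
    signed = sorted(REQUIRED_SIGNED)
    f["openid.signed"] = ",".join(signed)
    f["openid.sig"] = sign(f, signed, mac_key)
    return return_to + "?" + urlencode(f)

def verify_assertion(url, mac_key, expected_return_to, seen_nonces):
    """Relying party side: return the verified claimed_id or raise ValueError."""
    f = dict(parse_qsl(urlsplit(url).query, keep_blank_values=True))
    if f.get("openid.mode") != "id_res":
        raise ValueError("not a positive assertion")
    signed = f.get("openid.signed", "").split(",")
    if not REQUIRED_SIGNED.issubset(signed) or any("openid." + k not in f for k in signed):
        raise ValueError("required field missing or unsigned")
    expected_sig = sign(f, signed, mac_key).encode()
    if not hmac.compare_digest(expected_sig, f.get("openid.sig", "").encode()):
        raise ValueError("bad signature")
    if f["openid.return_to"] != expected_return_to:
        raise ValueError("assertion was issued for a different site")
    if f["openid.response_nonce"] in seen_nonces:
        raise ValueError("replayed assertion")
    seen_nonces.add(f["openid.response_nonce"])
    return f["openid.claimed_id"]
```

The blog's trust rests entirely on the signature, the `return_to` match and the nonce, which is why the choice of provider (and the safety of its signing key) matters as much as the thread argues.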
Don’t use openid. I prefer just leaving comments with a trackback to my site. Never really understood wordpress as I’m on the blogger platform.
Me too, I never understood Gravatar.
I personally find Gravatar is not user friendly.
I never understood Gravatar.
Great article with great comments. Thanks for it! I will read it again because it is very interesting. You are good writer. And like JacobS I never understood Gravatar.
good info great written
I appreciate the good advice written in this article
Not a big fan of gravatars, but this is a well written article. Thanks for the good info.