[vkorsunov]

Here we talk about social networks and I need advice. We combine search engine and social network, on Bubblehunt you can create own search system for bookmarks and other resources, but we using Twitter and Facebook for authentification. How you feel - it's right way? Or we need think about Reddit model?

[dredmorbius]

What do you mean by "reddit model"?

I don't want centralised authentication (a/k/a "centralised user tracking across the Internet").

That was a major strike against G+, frankly. And any FB auth is dead to me.

Twitter also, since I have no profile there either.

[vkorsunov]

I mean just this Ok, you will not be authorized through social networks. And if you use mail, then you can create an unlimited number of bots ... a dilemma ...

[dredmorbius]

So, one of my soundbites is: "Who are you?" is the most expensive question on the Internet. No matter how you get it wrong, you're fucked.

Thing is, I think we're missing the point on "identity". It really devolves into a set of related, though nonidentical, considerations:

* Authority: Should you be allowed to do the thing you're trying to do?

* Reputation: What is your credibility or history? Closely related to trust.

* Integrity: Is this thing with your name/identifier on it actually yours, and the same as when you created it?

The point is that identifiers are cheap and easy. Reputation should be exceedingly expensive. Integrity is very nearly a simple technical problem. Authentication, similarly, and it carries the additional challenge that People Lose Their Damned Keys.

I'd like to see a signet ring or similar mechanical, worn, replaceable, contact-based device replace or complement password and other mechanisms. Which means establishing some kind of standard (you need a detector / sensor on a wide range of devices).

And that happens to be a Hard Problem.