[paulosman]

I agree that email address != identity, but nothing would stop a site that uses BrowserID from allowing a user to change the email address that they use on that site.

It's very similar to the countless existing services that rely on email for identity... you'd just have to verify ownership of the new email address (usually through a confirmation email).

[yarone]

My thoughts exactly. I actually respect the thinking process which is: rather than invent something from scratch (some new user ID), let's use something that everyone is already familiar with: a traditional e-mail address.

[stickfigure]

Sure, every website can implement this flow, and users could could go to every website they've ever logged into and update their email address... assuming it all works properly even though they might not have access to the old email address anymore.

At the very best this technology offers considerably less value to websites and more hassle to users than Facebook or Google. And it's about 5 years too late.

[paulosman]

"Sure, every website can implement this flow, and users could could go to every website they've ever logged into and update their email address... assuming it all works properly even though they might not have access to the old email address anymore."

And how is this different than the current situation? Nearly all web sites require an email address. With BrowserID, you at some point confirmed ownership of that email address, so you could continue to use it to login, then change when you're ready.

"At the very best this technology offers considerably less value to websites and more hassle to users than Facebook or Google. And it's about 5 years too late."

Tell that to users who a) don't have Facebook accounts or b) don't want to use Google or Facebook with their identity. Far more people have email addresses than Facebook or Google accounts.

[stickfigure]

Fast forward another ten years. Do you really think typical websites will still ask people to create usernames and passwords? I predict that the current trend of "offload that crap to Facebook/Google/BrowserID" will continue. Even BrowserID.org makes that assumption.

The question is whether a BrowserID identity is as useful as one of the established identity providers. You start out with a chicken-and-egg problem; websites won't consume BrowserID if users aren't using it, and users won't use it if websites aren't asking for it. What will overcome this Catch-22? Techwise, the dependence on email seems less compelling than Facebook or Google auth.

Maybe BrowserID can rely on mass distrust of Facebook and Google. I'm not sure that's sufficient though - especially with Google.

[21echoes]

facebook, i agree, makes sense for an assertion of your public, real-name identity. there will always be sites and situations where i do not want my real name associated with what i do there.

google auth is just one provider of the same identity as browserID-- an email login. so, imo, browserID is a strict improvement, in that it is more seamless than google auth in regular usage (leveraging the browser as the user agent), and works with more providers.