Codes of behaviour

The personalised web makes it hard to keep your private data to yourself

Last year when my laptop broke, I almost lost all my digital photos. The photos weren't on the computer - I use the online photo-sharing service Flickr. But I couldn't remember my Flickr ID and password; the web browser installed on my laptop had always remembered them for me.

In general, I'm happy that most of the services I use are web-based: Gmail for email, Del.icio.us for links, Dopplr, Facebook and LinkedIn for social networking - the list goes on. I may not be typical - I'm a geek, and that's why I get to write this column. But I'm indicative of what's to come. The web is developing from a place where we read stuff, through a place we interact with, into a place we personalise.

However, in order to personalise the web, we must first log in. And in order to use lots of services, we must log in lots of times and, if we're sensible, use different passwords. Every service, shop and bank with which we interact online knows these logins and passwords, and uses that knowledge to establish trust that we are who we say we are.

That puts the burden firmly on our shoulders, and the more identities we have online, the greater that burden becomes. This provider-centric approach is in the process of being challenged by new user-centric projects such as OpenID. OpenID seeks to set up a competitive market of identity providers, based around open standards that already exist on the web. In simple terms, that means that you only need remember one passcode - your OpenID provider assures all the services you use that you're the same person you said you were last time. And if you don't like the way your OpenID provider is handling your data, you can switch providers.

The scheme has been tentatively adopted by AOL, Microsoft, Sun, Novell and, more recently, by Google and Yahoo!. It is now spawning even more user-centric approaches, such as ProjectVRM, which hopes to use OpenID to build a community of service users that can exercise real power.

But it's not just about logins. Last month when Robert Scoble, the über-blogger, was kicked off Facebook for trying to export data about his 5,000 friends to a rival service, he shone a spotlight on the issue of data portability. Soon, it won't be just our logins we'll want to travel with us as we roam around the web, it will be our photos, videos and friends, too.

At the centre of this debate are the twin spectres of security and privacy - however easy it is to carry around, if you've got all your eggs in one basket, you need only trip up once to find yourself eating the proverbial privacy omelette.

"People are going to voice concerns about privacy," says the data portability advocacy site DataPortability.org, "but soon enough the actuaries will insure our personal privacy, much like they do every other aspect of our lives." Until that day comes, it might be a good idea to continue spreading the privacy risk.