I played a bit with Mozilla’s foray into digital identity, Persona. It’s integrated nicely into OpenPhotoTrovebox, a great open-source photo publishing app, and Persona works really well with. Very smooth and elegant. But:
Persona’s #1 selling feature is privacy. Unlike most other identity technologies (e.g. OpenID), Persona does not tell your identity provider about all the sites you visit. That sounds great, until you think about who should adopt and implement Persona, and why they would (and wouldn’t) do that.
Let’s say you are Google, and you are considering whether you should support Persona. (I have no information about what they actually think there, this is my guess only.) As Google, you already support OpenID, and you get information about where all your users go every time they log on. That’s information you obviously want as Google. Persona does not give it to you. So why should you support it?
This is not limited to Google: the business case (or lack thereof) is the same for every web company that makes its money via ads, which is pretty much everybody who could be a large identity provider.
The other possible adopter of decentralized identity technology would be the individual: individuals could use Persona to self-assert their identities from their own personal websites or personal clouds. But: guess what. As an individual, asserting my own identity using my own identity provider, I have no need to keep browsing history hidden from myself! In fact, I perhaps would like to keep it around to keep a record of my interactions with sites and vendors so I could do something interesting with it later.
So as beautiful as it it, and as great it is that Mozilla is trying to make the web more user-centric, and less privacy-invading, I cannot see many large-scale adoptions of Persona for good (i.e. business) reasons. Its #1 feature, privacy, prevents it from getting adoption.
One response to “Mozilla Persona: nicely made but who has the incentive to adopt it?”
[…] privacy-protecting than anything else, aka “we won’t give access to user data.” (I predicted exactly that outcome last […]