

Using a Domain as a Unique ID - benjy1
http://devblog.com.au/using-a-domain-as-a-unique-id

======
vxNsr
Nice idea.

The main issue is the common-ness of last(or sur)names and once you move away
from using the last name as the domain everything becomes a lot less
effective... even if you had it drill down to your neighborhood, I know many
people with the same last name who live on the same block... two houses away,
so you would always need to use some combination on firstname+lastname+random-
integers

Not to mention a lot of people don't want even their most basic information
broadcast to the outside world.

I like the idea, but as you quasi-mention in the article it's unlikely to ever
happen, or at-least under circumstances similar to the ones we have now - more
than one government for the entire world.

------
CarolynSpencer
I have actually thought of the same idea dozens of times.

I feel like the thought isn't that far out there, but obviously privacy and
security issues come to mind, as mentioned in the article.

Personally, I do use my domain name on as many platforms as possible; it not
only helps with SEO to ensure that people are finding the correct person, but
it also helps to better manage my digital brand by ensuring that anything that
could possibly have my name (or "ID") in it can be controlled by what I post,
upload, tweet, share, etc.

I see using a domain as a unique ID as a digital brand management strategy
(and a good one at at that).

------
jedahan
See indiewebcamp.com and <https://indieauth.com> for a useful, working version
of domain-as-login.

------
ignaciogiri
I like the idea, this could be a nice conversation for OpenID.

------
nwh
You're thinking of .name, which never really took off.

~~~
benjy1
Thanks, I didn't know that existed. The whole concept needs way to many
parties to get involved to make it a success so I can see why it never took
off.

~~~
nwh
The main issue is collisions. For that reason alone it will probably never
take off. I have a reasonably obscure name, and even mine is taken in that
system.

~~~
benjy1
I sure that is a problem we could solve. For example you could have
name.familyname-[UNIQUENUMBER].com That would work as long as the unique
numbers didn't get to big. If they were categorised by country it's unlikely
it would be more than 5 digits.

~~~
nwh
Somehow I don't think people would enjoy being contacted at
_john.smith-19F3A.com_.

------
kijin
> _When every child is born we give them a domain name._

Wait a second. _Who_ gives them the domain name? The government? Your company?
And does it last until you die?

As the blog post mentions, many countries have been issuing ID numbers to
every citizen for decades. So it would be extremely simple to give each
citizen a unique domain of the format id_number.ccTLD or similar. But why
don't we do it? Because security and privacy.

For example, South Korea issues unique 13-digit IDs to citizens and long-time
residents. For decades, these ID numbers have been _the_ preferred way to
identify people in every public and private setting. They are assigned at
birth, unchangeable during a lifetime, and never reused after death, so it's
easy to see why they would be ideal for unique identification. But recently, a
law was passed that banned most online services from using these ID numbers to
identify members, because there have been a number of high-profile breaches
where tens of millions of ID numbers were leaked. But it's too late! South
Korean ID numbers are a dime a dozen in every black market around the world,
and it is estimated that every citizen who has ever signed up for an online
service has had their ID number leaked multiple times already. A group of
affected individuals recently petitioned to have their ID numbers changed, but
were refused. (The SK government only allows your ID to be changed if there is
reason to believe that NK is trying to kill you.) The case is currently at the
Constitutional Court awaiting a final decision.

> _We Have to Many IDs ... Nowadays we commonly have a driving licence,
> passport, tax related number, electoral roll number, a personal domain,
> email, phone numbers and probably others depending on the country you live
> in._

The difference between your national ID number (if your country has one) and
your passport number is that the former is a serial number for yourself,
whereas the latter is a serial number for the passport. When your passport
expires and you get a new one, your new passport has a new serial number,
because it's a different physical object. If your passport is stolen, they
only blacklist the passport, not your ID number. Since there is a one-to-many
relationship between people and passports, it makes sense to store them in two
different tables with different primary keys.

Your phone number can be easily changed, and this is a good thing because
thousands of people are stalked by abusive ex-partners every year. If your
phone number were irrevocably tied to your person, it would be a lot more
difficult to prevent your ex-husband from finding you. Ditto for e-mail and
physical addresses.

Even your name is not an immutable identifier. If you used to be
john.smith.ccTLD but now you're mary.jones.ccTLD because you changed your sex
and your parents disowned you, now you have to notify everyone about the
change. In addition, many cultures have complicated rules about changing your
name when you get married, and it's not always as straightforward as "wife
assumes husband's last name". Sometimes you're given a ghetto name that sounds
like "dumbass" in your second language and you need to change it before you
enter a respectable profession. etc. etc.

For this and similar reasons, I am _prima facie_ unenthusiastic about any
identification code that lasts a lifetime. Unless the code is never meant to
be disclosed to third parties, like a GPG private key. But even GPG keys can
be revoked at will, and this is a considered a critical security measure.

> _Putting everything online could quite possibly lead to the greatest
> security breach of all time._

That disclaimer was supposed to be at the TOP of your blog post, not at the
bottom. When we're talking about identification methods that last a lifetime
and are difficult to change, security should come first and foremost.

