

Idea: PayPal for Identity Management - andrewfong

Someone might have thought this up already, but if they haven't, this might be an interesting project for someone to do. Basically, the idea is to make the equivalent of PayPal, but for identity management.<p>For most sites, authentication consists of an e-mail / password combo. Some require you to create a user-name as well, but it's basically a proxy for an e-mail address. The problem is -- a lot of people don't really want to give out their e-mail address. (1) Spam. (2) Linking multiple accounts to the same e-mail provides lots of info for data-miners.<p>To deal with 1, many users already create junk-mail accounts that exist for the sole purpose of signing up for stuff. The problem is that sometimes you want to see SOME of the newsletters those sites send. Leaving them all in the junk account ensures they're buried under all the other stuff. Use your non-junk-mail account and you may not be able to undo the damage later (ever try opting-out of some of the spam messages? PITA sometimes). It also doesn't solve 2.<p>So .. why not create different e-mail addresses for each site you create an account with? Have them all forward to your real e-mail address. When you no longer want spam from a certain source, simply terminate one of the fake e-mail addresses. This would be a pain for a user to do for every single account they created, but an entrepreneurial hacker could create a service that automatically generated fake e-mail addresses, strong passwords, set up any forwarding, and allowed users to track and manage their login info on multiple sites. You would also have to write a browser plugin or something that looked for user-name/e-mail form fields and filled in the proper login info (it'd be unreasonable to expect users to keep track of all the fake e-mail addresses on their own).<p>Just as PayPal allows you to pay without exposing your actual financial information, this would allow you to login without exposing your actual e-mail address. Even better, unlike PayPal or services like OpenID and Windows CardSpace, it requires no change on the part of the actual sites themselves. It's all done on the client-side.<p>For the truly paranoid, you could potentially extend the idea by creating full-blown fake identities (with names, addresses, etc.) for each site you visited, but I suspect you would run afoul of the law here.<p>There's a lot of room of abuse, but I don't see any absolute deal-breakers so far. I'm busy with my own project right now, so if someone's looking for something to do, go for it.
======
robmnl
<http://mailexpire.com/>

~~~
andrewfong
Well, so much for that one =P

