People need to be much more aware of the fact that you don't own your gmail address, or your Twitter/Facebook/LinkedIn/Instagram/whatever account. Those companies encourage people to build their reputations and networks and "personal brands" inside their walled gardens, while repeatedly demonstrating that they won't lift a finger to help protect the user's custodianship of "their" usernames.
Unfortunately - when you explain this to people there's no really good answer to their immediate "so what should I do?" question.
I no more "own" the bigiain.com domain than I own "bigiain" on HN, or "bigiain@gmail.com". While I can ensure I keep paying for it's registration, I have no doubt that if Monsanto or Goldman Sachs or Apple launched an new thing and trademarked it "Bigiain", my registrar would fold instantly to a legal demand from their lawyers, and I'd be just as out-in-the-cold as all those people without friends-of-friends in high enough places at Instafacetwigoo to "fix things", or with publicity platforms like @mat behind them.
I suspect in the future, there'll be a well known way to tie your online activity/reputation/network to a strong public key (with some distributed blockchain-like revocation/renewal audit trail). If anyone's working on something like that - I'd love to hear about it...
I have been thinking about this quite a bit, recently, as well and I do think the future does look like something you described. However, I do have doubts. Outside of being worried about the big brands removing your access to your hard earned reputations (which seems unlikely on a mass scale), what would be the other common uses cases for a crypto identity key? As we know, in order for a majority of people to adopt new technologies, there has to be a very compelling use case. I am not sure a consolidated identity key solves any real problem or rather it is just a cool tech thing that us hackers would like to see, kind of similar to the problem that bitcoin in general is having in achieving adoption.
I am curious if you guys have any really good thoughts on products that could implement a crypto identity key that solves a real life problem. Would love to discuss.
I think it's a good idea to own your own domain name, at least as a tech savvy user. You can still use Google Apps with it (Google for work now?).
That being said, I think it's a bit unfair to say companies won't lift a finger to help protect their users usernames. On the technical security level, many companies put a lot of effort into things like 2F, general internet security, etc. In particular Google, but also Dropbox, github, and others. On the service level (i.e. what happens when you have to talk to someone) everybody could probably improve quite a bit. OTOH that's costly and would ultimately need to be paid for by the customers somehow.
On the legal level, there isn't really anything these companies could do for you. If you do not own a trademark for your chosen domain name (account name, page name, ...), you'll lose it to someone who does [0]. That also won't change if you have all kinds of friends in all kinds of places - your problem then is basic trademark law, not the goodwill of some company (that has to adhere to the law, after all).
Disclaimer: I work for Google.
[0] possibly with the exception of the account or domain name being your legal name, but I don't think there's a general norm for that.
Technical measures to prevent account theft are always welcomed but they stop there; at prevention.
As most of us know through experience though, poop happens.
In our era, for many people an account at an online social network is part of their identity. Losing it can be devastating. An account at Google is even more; it is one's documents, emails, contacts, calendar, photos, various data and digital purchases.
So it is very important that there is support when you need it. Is it really so costly? I don't know. How many cases of account theft are there every day if the technical (prevention) measures are good? Maybe affected users are willing to cover some of them?
I have no doubt that if Monsanto or Goldman Sachs or Apple launched an new thing and trademarked it "Bigiain", my registrar would fold instantly to a legal demand from their lawyers
That particular problem can be solved by getting a domain that nobody else would want. In my case, I've registered my first name+last name.com, which will certainly never be considered for a trademark.
Unfortunately - when you explain this to people there's no really good answer to their immediate "so what should I do?" question.
I no more "own" the bigiain.com domain than I own "bigiain" on HN, or "bigiain@gmail.com". While I can ensure I keep paying for it's registration, I have no doubt that if Monsanto or Goldman Sachs or Apple launched an new thing and trademarked it "Bigiain", my registrar would fold instantly to a legal demand from their lawyers, and I'd be just as out-in-the-cold as all those people without friends-of-friends in high enough places at Instafacetwigoo to "fix things", or with publicity platforms like @mat behind them.
I suspect in the future, there'll be a well known way to tie your online activity/reputation/network to a strong public key (with some distributed blockchain-like revocation/renewal audit trail). If anyone's working on something like that - I'd love to hear about it...