Identity as a service

What is online identity? This question provokes an abstracted inquiry into identity proper, which while beyond the scope of a blog post is a metaphysical contemplation worth considering. But online identity does bring up pertinent and practical questions regarding privacy and security. It also tends to conflict with our colloquial notion of identity. Does it reflect back onto our notion of a self-identity? Is it a reification of the self or a parallel process, a second self? Slavoj Žižek has claimed that online identities are expressions of an inner truth that we deny ourselves, and they are indicative of an empty medium of identification which is "the subject itself".

The VR persona thus offers a case of imaginary deception in so far as it externalizes-displays a false of myself (a timid man playing a hero in MUD...) and a symbolic deception in so far as it expresses the truth about myself in the guise of a game (by playfully adopting an aggressive person, I disclose my true aggressivity).

I'll resign the identity studies to those who presuppose identity as a primary determination. My curiosity is concerned with the notion of identity as a secondary determination, as formulated by philosophers such as Gilles Deleuze and Jacques Derrida. In this case I think I can briefly illustrate (and over-simplify) how their post-structuralist theories of identity might be relevant to online identification.

Take for example the nature of OAuth, which in my case has resulted in a rather large collection of "authorized apps" residing in my "main identity stores". These main stores could include Google, Facebook, Twitter, LinkedIn, GitHub, and just about any other large data-collection service that we use to construct our online identities. Naturally we trust (to a certain degree) these services to protect our data so that we can use their representation of our identities across the web.

All of these applications maintain an identity in relation to the original provider of said identity. Some might even expose their own constructions through yet another OAuth implementation, and that process could continue indefinitely. Are any of these individual OAuth consumers truly qualified to be online identities? Eventually the tree-like structure of an OAuth implementation across the web starts to look more rhizomatic. The source of truth for your virtual persona starts to become all of these applications in tandem, each of them sharing varying aspects of your collected data between themselves. This rhizome is a map of our various identities, showing that we may define our online self through a non-hierarchical network of integrated services.

Beyond OAuth some applications refuse to manage users themselves and would rather offload to services like Stormpath or Auth0. The tagline on the Auth0 site reads "Eliminate the friction of identity for your applications and APIs". They offer to sit between you and an identity provider (or you can leverage a managed user database) in order to better administrate your userbase. But I think this friction cannot be eliminated in the general sense, it is rather the constitutive element of online identity. The "primary" identity providers have emerged de facto by how much we have given them, while "secondary" providers can borrow only what is allowed to them. But what if these primary providers were not only a result of our manipulable self-creation? Surely they can aggregate from many other sources, perhaps from the very services to which they have provided identities. In this sense there is no primary provider of online identity -- all providers are secondary. The primary identity is the identity of difference itself, or rather the dissolution of identity into a never-ending process of data mining and interconnected services.

This friction between various data stores has yet to be fully resolved and will likely never be. Services like Gravatar offer a constant in the chaosmos beyond legal constants like given name and age, meanwhile decentralization of identity is being pursued by initiatives like OpenID. Over time these services could help bring us back into control over our online self, but I argue that full control is unattainable. In Deleuzian metaphysics the process underlying identity is one of constant difference, and this should hold true for our online personas as well.

...the divergence of affirmed series forms a "chaosmos" and no longer a world; the aleatory point that traverses them forms a counter-self and no longer a self; and disjunction posited as a synthesis exchanges its theological principle for a diabolical principle ... the Grand Canyon of the World, the "crack" of the self, and the dismembering of God."

Deleuze touches upon the fact that identities do exist but they are secondary, they are the effect of more profound relations of difference. With each post, tweet, and commit we are contributing to an ever-growing and ever-mutating online identity. And think about the possibilities this opens up. For example Coderwall provides a helpful forum but also constructs a new, gamified version of a historical online identity (via commit history on GitHub, BitBucket, Codeplex, etc.). Coderwall badges can in turn be displayed back on a GitHub profile through organizations. This feedback between identity providers is what enables a differential relation to exist. Neither is a complete identity on its own but rather they contribute to a new identity through their interplay. In fact a "complete" identity cannot be achieved as it implies a final state, a telos, whereas a Deleuzian would admit the notion of an attractor when discussing teleology. The attractors in this case may in fact be big data, the large masses of mined information that pull everything into their gravitational wake.

If I had to pick just one online profile to summarize my persona I would probably have to pick none of them. It's all or nothing -- it's process or it's beyond representation. Thinkers like Deleuze (see Difference and Repetition) and Adorno (see Negative Dialectics) have tried to expose the gap that exists between representational thought (self as identity, identity as primary) and what cannot, in theory, be thought (pure difference, non-identity). Our online identities can easily get away from us, but they provide valuable insight on how we define ourselves and on what parts of our identity are malleable by consciousness. They fold back into our self-understanding as we watch the data grow and while we shrug at targeted advertisements.