A Model for Identity in SoftwareRead time in minutes: 17
Most software on the market has a very boring relationship with identity. Most assume that one user has one "real" name and one "username". Some software associates identifiers like phone numbers with people. Some software allows you to have multiple entirely different accounts and then share nothing between them. Some software makes this easier. Some software (such as forum engines) have the concept of sub-accounts that allow you to compartmentalize parts of your identity and switch between them at will. However, there is very little out there in terms of software that gets this right. There's always limitations, difficulties, red tape and caveats. I would like to discuss a proposal for how to handle this in a way that is flexible enough to cover the widest possible expressions of human identity so that software can be as inclusive as it can be from the ground up.
This is a very serious thing and I am treating this very seriously, however it can get kind of boring reading everything in a serious tone so I am attempting to liven it up with some more creative scenarios.
The Existing Clusterfuck of Identity
So, let's start out with describing some assumptions that programmers have about identity so that this proposal can address them. I'm going to be borrowing from a few sources:
Here's some big assumptions that can cause the most practical issues:
- Each user has at most one name
- Each user has at most one username they prefer
- Each user has at least one phone number or email address they'd prefer to use
- Users have no reason to create multiple logically separate identites
If you have never encountered the kind of situation where people have multiple names that they actively go by before, this will likely sound very confusing to you at first glance. People just have given names right? They're given to you by your Mom and Dad and then you're just stuck with them for the rest of your life, right?
Your "Mom" and "Dad" in fact have names of their own beyond "Mom" and "Dad". They could have names like "Karen Smith" or "David Carmicheal". But to you they could be "Mom" or "Dad". You could be "son" or "daughter" to your "Mom" and "Dad". You could be something else entirely to someone else. Yet those are all separate logical parts of someone's social identities. If you are called "Mom" in a context by someone, it can have a very different connotation than if you were called by a username, nickname or legal name.
As an example, let's consider the various ways that I, the author of this document experience identity that defy most of the identity systems that I have to deal with. I am publishing this post under the name Christine Dodrill. That name is my legal name that I use for dealing with the government and in formal situations like that. One of the places that this post gets published is my GitHub account Xe. I also tend to use that name in some places, I see it as a lot less formal than my legal name. Generally contexts that I use it in are places that I feel safer in, however it's still detached from my more personal relationships. Then there's my handle Cadey. I consider this one to be the "real me" (for some definition of "real" and "me" that makes sense in context). I don't use it everywhere because Cadey is a lot less formal/a lot more personal, shitposty and friendly than the other names are. If you see me using it or I am in a space with others using that to refer to myself, this is actually a fairly significant sign of trust in the situation or the people involved.
Also, as an aside I am going to be talking about some things in the rest of this article that really do mix the name-based compartmentalization that I do together, if you really want to ask clarifying questions or whatever I suggest doing it over somewhere my name is listed as Cadey. There are some questions that I am hesitant to answer in professional contexts. Please respect this.
I have not seen any system on the internet that allows me to properly map the differences between these logical facets of my identity. Not without having to make multiple accounts, keep track of god knows how many email addresses and use ungodly hacks such as Rambox. Seriously, I've tried. People wonder why I would need a tower with more than 32 GB of ram and having to keep so many webmail clients and instances of Discord open is basically the entire reason why.
So, one common thread between my escapades with identity and someone that wants to keep their kids, knitting buddies, DnD group and gaming buddies separate is that they are the same person wanting logical separation between different facets of their identity. They may not want their kids to know that they play Grognar the Destroyer on saturday nights, but they might also not want their very religious knitting buddies to easily be able to find out that they roleplay as a succubus in an MMORPG.
People that are transgender, nonbinary or a political activist may also want to separate out parts of their identity for fear of rumors or persecution. Coming out as transgender is one of those 50/50 splits between "nothing bad will happen" and "that person will never see you the same way again and disown you". That incurs a huge amount of social risk. This is a very strong case for having a way to logically separate out part of one's identity. This could mean the difference from someone being accepted by their family or shunned by them. This could mean the difference between an activist being able to continue to advocate for universal healthcare coverage and that activist being thrown in jail for a very long time with trumped up charges for speaking out against the actions of Big Toothpaste.
However, what about entirely separate people that need to share computers or accounts? This could range from a married couple sharing a computer for financial reasons to one case that I can think of that completely annihilates most assumptions programmers make about identity: Plural systems.
Usually I write these articles assuming that people reference links if they are confused or for later reference. However, for this case to make sense I feel that I need to directly quote part of that source so that I can help make my point more clear:
Plurality (also known as multiplicity) is the state of having more than one person/consciousness sharing a body. Together, the people who share a body make up a plural system or multiple system, often referred to simply as a system.
As far as existing identity systems go, this is the worst case scenario. This throws the "Users have no reason to create multiple logically separate identities" assumption so far out of the window that I think it may be in Narnia by this point. Plural systems that I know have had to resort to things like PluralKit that uses user-definable text prefixes and suffixes to kinda-sorta-maybe implement multiple account support into Discord communities (however at the expense of making it much harder to use existing moderation tools with PluralKit messages).
Not to mention platforms that need multiple phone numbers gets financially expensive for systems that want to have each member have their own connections to other people. Making multiple accounts on services can also be a huge pain in the ass because programs do not have decent (if any) support for easily changing between accounts without having to keep ram-hungry clients open or constantly changing based on context. I certainly have a huge amount of trouble doing this. Rambox is decent enough for the lot of us to be able to easily multibox Discord, but it is such a terrible pile of hacks that we all really would love to get rid of.
A Middle Path
How can we make things better for both cases?
There is not much prior art out there (annoyingly enough), however a large step in the right direction comes from a very unlikely source: Google Plus. One of Google Plus' distinguishing features was the the concept of circles. Circles allowed you to separate people you communicate with into groups such as "College Friend", "Coworker", "Furry", "Knitting Group" or "Family". One of the main things that Google Plus stopped short of doing was the ability to let other people have multiple ways to see you (they also had some shockingly bad takes such as the insistence of "real names" which may have caused untold amounts of harm in the process). You ended up with one "you" but many groups you could limit posts to.
Solutions such as subaccounts or Rambox are hacks to work around the disease, but what could a cure at the source look like?
Consider Firefox Containers. They are completely separate sub-identities but share common things with your "main" identity such as the password manager and extensions. Being able to communicate with other people as a logically separate identity should be as easy as it is to spawn a tab in a Firefox container.
There should be a "bank" of identities that you can pick between in contexts where those identities are relevant. I should be able to flip over to Nicole's view of a Discord guild, send a message that she's dictating out to a conversation about the flavor profiles of Bavarian sausage casings and then flip back to my discussion about the philosophical consequences of eBooks compared to traditional print media in about as much time as it took me to come up with something sufficiently bizarre for this sentence. An advantage of this being baked into the substrate of platforms means that moderators aren't shafted by this either. If you ban one of someone's identities from a place, you should ban them all from that place to prevent fractal sockpuppeting.
I should be able to connect with someone at work, and then that same person online without either of us having any idea that we are the same people. I should be able to talk about legal things as Christine, personal things as Cadey and the space inbetween as Xe. The girls and I should be able to talk about our own things individually without our coworkers, our professional contacts, Mai's DnD group buddies, our own personal friends, acquaintances and people that are in groups I moderate without anyone being able to connect them all together at the platform level without my explicit permission (if only to avoid some uncomfortable philosophical discussions about personhood in professional contexts where they aren't very relevant to begin with). I should be able to select from other identities like I can select email accounts on my macbook.
Yes, this would be a hard thing to implement given existing technical debt. It throws a lot of assumptions about identity on these platforms out of the window. However I believe that it is really worth doing, because the benefits in terms of privacy will far outweigh the implementation costs. You have more than one "you" in practice. Software should let us make these kinds of logical separations easier, not harder. Having to use tools such as Rambox means that the identity model of a service is fundamentally flawed.