Naturally, we are looking to solve some of the following, but in fairness there is no “silver bullet” when it comes to solving all of the current online identity and personal information management issues. This is due to the fact that when it comes to identity, people have different needs in different places and at different times. We have seen some major strides being made lately (OAuth, OpenID, Dataportability.org) but there is still much further to go…

Top 10 reasons sharing personal information online is flawed:

1. Sharing personal information online is not safe.

The current process of submitting and housing your personal information in many, many different locations leads to more possibilities for your personal information to be mishandled or misused. Regardless of what a company says, the truth is they do not have much of a vested interest in protecting your personal information and you can be sure that all of the employees within that company certainly could care less. Other than if the media finds out, there really is no motivation for a company to really protect your information. They won’t get fined, the customer has no recourse, and some of the time a company may not even know one of their employees did something wrong. So if you can’t really trust one company, what happens when 100s or even 1000s of companies have access to your personal information? You simply begin multiplying the probability that something bad can happen to your personal information.

If you think maybe it is just small, shady companies that might do something wrong with your information, look into what happened to 38 million Italian citizens’ tax records, 25 million British peoples’ sensitive financial information lost by the tax authorities, and the recent uproar created over the Deutche Telekom incident.

2. Sharing personal information online is not secure.

This very closely ties in to number one and is of course one of the more obvious ones but the fact is when you submit your personal information online you have no way to ensure the security of that information once you click that submit button. You can of course submit your information via SSL (secure socket layer, the thing where you see the “Verisign” logo when purchasing something) but that only handles the transmission of that information. There are no standards or processes in place to ensure that your information will be handled securely once it is in someone else’s hands. The reason for this is that every company defines “security” differently and in truth, we the users don’t even really know what to look for. We are left to hope each time we submit our information that EACH company will keep our info safe and under lock and key. Please see above for the effectiveness of hoping…

3. Sharing personal information online is one-directional.

Of all the problems on the list, this flaw probably has the furthest to go. The fact that sharing personal information online is one-directional means that when you submit your information anywhere online it becomes very tough to interact with that info to update, edit or change, especially across multiple websites. Of course, most websites offer the option of allowing me to log in and edit or update my info but is that a really effective method to manage the 1000s of companies that hold my personal information. I recently moved and had to change my address.  The process of updating every company I interact with (cell phone, credit card, etc.) was not my idea of fun. I try avoid speaking to my cell phone company at all costs.

The point is that it was a hassle just to change my address, but what about when I graduate with a new degree, get a new job, receive a professional license or any of the hundreds of other things that happen to people over the course of their life. There are databases out there that have old, static information about me that I a) might not want them to have anymore or b)might want to the opportunity to update. Fixing this is one of the goals of Project VRM (Vendor Relationship Management), which you can think of as the opposite of Customer Relationship Management. Essentially, the customer has one place to manage all of the companies they interact with. Not a small task and we admire Doc Searls for the effort he has put into this project thus far.   It is something we are watching with interest.

4. Sharing personal information online lives in “silos”.

Your personal information living in “silos” simply means that each website, network, community or place where you have submitted your personal information has no relation to the other. Who I am on Linkedin has no relation to my BeenVerified Profile and they are not able to interact to give a better picture of who I am and what I have accomplished. Each community holds their own database of information and there are no standard methods for, while still keeping the user in control, passing around this information. Ross, my co-founder, is ridiculous with modifying any piece of computer equipment to be placed in a car and is recognized as an expert on the car forums where other wonks like him hang out. However, if he wanted to, he would have no way of sharing that “expert” status with say a wikipedia posting regarding car tuning so that readers would get a true sense of his expertise.

This is something we are very interested in fixing and if you have users with information that you think is important for them to be able to share throughout the web, feel free to contact us.

5. Sharing personal information online requires releasing username/password information.

In order for personal information to be shared from one website to another (for example, your gmail contacts with a social network) websites have traditionally asked for username and password information in order to go and collect your information from another site. This is HORRIBLE on many levels and the OAuth protocol was built to stop this process and our own co-brandable web service requires using the OAuth process to ensure that we pass information only after a user has logged into BeenVerified on OUR domain.

If a website asks for your username and password to access another website on your behalf, tell them they seriously need to think about re-building their process.

6. Sharing personal information online is repetitive.

Is there anything worse than having to fill out the same signup form over and over and over and… OpenID to the rescue! Well, sort of.

OpenID does a good job of ensuring that you have less passwords to remember and can get you signed up and logged in faster. The problem is that more websites need to adopt it and there is only so much information that the protocol currently supports. For example, if I wanted to pass along my current place of work that option is not currently supported and it would require me to fill out additional information which defeats the OpenID purpose.  OpenID is a great, lightweight option for the social networks, blogging, or “fun” type of stuff on the web but what should we do about enterprise or places online where more serious types of transactions take place?

7. Sharing personal information online requires complete disclosure.

In order for me to obtain a mortgage quote today, I would need to visit a mortgage lending site and enter in almost all of my personal information, which would then require the lender to run a credit report in order to provide me with a proper quote. We feel this is one of the 10 problems that can be fixed the easiest and fixed the best. Specifically, it should be possible for a user to say “I want a mortgage” but not have to tell the lender EVERYTHING about them, just receiving the credit score from a trusted source would be good enough. Not sure who coined it first but the proper term for this is “selective disclosure”…

This doesn’t apply to just mortgages, think about being able to apply for a job and show the credentials you have but still be able to remain anonymous (your name, address, etc.) in order to not have to worry about losing your current job. What about being able to edit a wiki article on abortion, prove your expertise as a doctor but again not actually have to show your name. There are many instances where showing all of who you are is unneseccary and leads to supplying information that you should be able to keep private.  BeenVerified is working on this too.

8. Sharing personal information online has high value to businesses but zero to user.

So Facebook is worth $15 Billion (Capital B) based off their zillion users.  But how much of that dollar value do the users actually get? If you answered ZERO, smart one you are. Facebook has no idea how they are going to make money off their network (advertising, of course!) but they have that valuation because of the control they have over all of that user data. At the end of the day people can talk all they want about “eyeballs” but that is just lip service. The real value of most of the “rich” web companies is that they have a user base that they can extract data from.

9. Sharing personal information has too many standards, protocols, and formats.

Oh boy, this one might annoy some people but the fact is that there are currently too many protocols, formats, standards, intitiatives, organizations, movements, and revolutions regarding user data. I’m not going to list which ones I think are good or bad because we really don’t know until they become standardized. The problem is that while we are waiting for standards to be formed we are losing out on the ability to move forward and enhance the current online environment. Blogs became huge because of RSS and even more importantly this whole Internet thing got to where we are because of Windows…GASP! did I just say?

We root for the success of all open formats and protocols but mostly we are rooting for some of them to just become standards that are widely used.

10. Sharing personal information online has no mechanism to know what information to trust about another individual in an on-demand, real-time basis.

This is BeenVerified’s main problem statement that we are trying to solve.  In the current online environment there is no way to know if any information you are viewing about someone is true. If you meet someone online (Craigslist, Monster, Match.com; it doesn’t matter where) there is no method for verifying that the person a) is who they claim b) has accomplished what they claim. Of course, you can google them but that information requires a couple extra steps and even then you do not know if that information is true. Now in some instances that might not matter, but in others in might be extremely important. If I am looking to hire a freelancer to do web design for me, knowing that he has the PHP (programming) skills he claims is certainly important in my decision to hire him.

Now it’s not just the individual users who have this problem. Businesses have a big problem of combating fraud, spam, etc. all because the web is built with no personal identifier system, which of course is a VERY, VERY good thing. I certainly do not want every website to know who I am and certainly do not want every website I visit to be tracked and see where I have gone (there is already a company that does that). However, businesses (and employers) need a way to know who they are selling to and working with just as much as individual online users do. Additionally, owners of online communities and places where people meet and interact would like to build environments where users can trust each other, not out of the goodness of their heart but because they will be able to increase revenue if users are interacting more on their platform than their competitors.

One of the more recent rounds of presentations featured one of our favorite fellow NYC startups, Drop.io, whose founder Sam Lessin gave a great presentation.  The event is invite only but if you have been meaning to learn more about BeenVerified or The Hatchery in general, feel free to email us and we will make sure to get you an invite. We will provide more details prior to the actual event on August 6th…

The event will be held at HSBC on the corner of 40th St and 5th Ave, 11th Floor
452 5th avenue, New York NY 10018

Davis excuses this breach by saying the institution giving the loan didn’t run his social security number through any of the 3 credit reporting bureaus. But this infringement just goes to show that there are a whole bunch of use-cases for bad guys to steal your identity and do other very nasty things with it. The article points out a bunch of examples such as dealing with job applications, medical services and even when dealing with the law. Leave it to the imagination of a determined criminal and with the far reach of the internet and I’m sure the possibilities of wrong doing are limitless.

While the Lifelock service does have some merit, it’s certainly not the silver bullet of identity protection. Just like anything that has value, you must keep your identity information very close to you and only let it out when absolutely necessary. The responsibility of protecting one’s own identity is still belongs to that individual.

At BeenVerified we are super careful not to ask for our users’ social security numbers’ unless absolutely necessary and even then we only ask for the last 4 digits and never store it. We use it one time and it’s gone from our system. Additionally we have super secure systems. We use time tested best practices for locking our servers and keeping our code secure from attack.

Any user that is prompted for a social security number from a website must have extreme confidence in that institutions security measures. Read the security policies, privacy policies and do some research about the company. Even then, I would recommend rethinking the sharing of that information unless it was absolutely necessary.

As for website owners, I suggest to try and find other methods of achieving the same goals without using your user’s social security numbers or any sensitive information for that matter.

Also, to those who wish to get the benefits of Lifelock without paying for it, you can get the same service for free by contacting any of the 3 major credit bureaus.

According to the Transunion Fraud Page:

A fraud alert can make it more difficult for someone to get credit in your name because it tells creditors to follow certain procedures to protect you. It also may delay your ability to obtain credit. You may place a fraud alert in your file by calling just one of the three nationwide credit reporting companies. As soon as that company processes your fraud alert, it will notify the other two, which then also must place fraud alerts in your file

Please make sure to contact each bureau individually to ensure that each one has placed the protection on your account as some people have reported that the sharing of information between the three are sometimes very slow.

We are very happy to announce the official launch of the BeenVerified API. The API provides an easy and secure way for developers to integrate BeenVerified directly into their own website or application’s look and feel. The authentication process follows the Oauth protocol and is meant to give our users control over who can access what parts of their information without having to give up their username and password. The process we use is similar to how a third-party website and the end-user interacts with a website like Flickr or PayPal.

When we first started BeenVerified, we had a very clear idea of where we wanted to go. The initial concept was that there had to be a better way for online users to secure their privacy and yet increase transparency at the same time. By increasing transparency, we knew that in turn would also make them more successful at whatever they were trying to do online (dating, job seeking, etc.). Also, there were some standards that we personally wanted to adhere to. Exactly how we were going to accomplish all of that, was what took all these months to work out. The feedback we got from “smart money” , fellow entrepreneurs, initial partners, friends in the identity space, and most importantly our users, gave us a very good guideline for what we needed to build.

This new API gives us a great platform for us to grow BeenVerified in terms of scale and also service users in many different ways. We look forward to seeing how the developer community can use BeenVerified within their own applications. While at the moment our API is read only, we are looking for partners that feel they could add value to having their users import data to BeenVerified as well.

You can learn more here or if you have any questions you can check out our API Forums and feel free to pester our development team.You can read up on the API Documentation HERE and get a developer key HERE.

Check out this ScreenCast to see how BeenVerified interacts with third-party applications.

The new version is feature packed so we will not get into all the specifics right now, but in short, the emphasis has been on allowing users to have more control over their data and choose when, where, and what people see about them. Some of the features include giving users the ability to create as many personas as they wish, sharing their credentials with third-parties, managing private info requests, and a much easier sign up process. We also added in some free verifications like email and website ownership, which is being supported by MicroID. Therefore, allowing users of sites like Claimid.com and Plaxo.com to be able to verify ownership of their profiles instantly. In a few short clicks, (cut and copy) you’re also able to verify any website where you have access to the HTML.

We will be explaining all of these features in depth over the upcoming weeks, but for now we wanted to thank a few people for their support in helping us get from our initial beta to where we are today. First, we’d like to thank Bill Al who pulled us aside at Sun Startup Camp and said “Hey, I know these Identity people you should meet”. He was right and at each step of the way members of the Identity Gang have been there to guide us and throw in their two cents. Thank you especially to Bill Washburn whose advice and brainstorming with us has been invaluable. We look forward to working with him even more in the future. Also, the gracious hosts of IIW; Phil Windley and Kaliya Hamlin.

A huge thank you to Eran Hammer-Lahav whose personal guidance on OAuth has helped shaped our API and allowed us to get to this point in a big way. Writing the spec for a protocol as important as OAuth is no easy task and he was just the person needed to see the spec to its completion. Thank you also to Chris Messina and everyone else who pitched in on making Oauth possible. The last thank you goes out to the New York City tech scene which we are proud to be a part of. Allen Stern, our transparency brother in arms John C. Havens, and all of the NextNYer’s out there every day representing the NYC and those of you who continue to build invaluable web services.

The really, really last thank you goes to the whole BeenVerified.com team over here. A monstrous amount of time and effort has been put in these last few months to get our product to where it needed to be and they all deserve a very big thank you (and lots of beers!). If I never have to look at our CTO, Jason Amster, at the office at 2am for 5 nights straight again I would be a happy man. He took on an enormous effort and worked harder than one man should. Also, if you find a bug in the code, I’m sure he’d love to hear about it!

There are many more people to thank but we can save that for the next awards speech. For now, it’s back to work and back to making BeenVerified.com the easiest and most secure way for you to prove your identity and accomplishments online. Much more to follow, stay tuned…

Some interesting stories coming out of South by Southwest today, but none more appropriate for us here at BeenVerified than the media frenzy surrounding the chaos of Zuckerberg’s keynote interview and his admittance that Facebook messed up when it comes to user privacy. The Wired Magazine article, “SXSW: Zuckerberg Keynote Descends Into Chaos as Audience Takes Over”, detailed how the audience was not happy with the questions being asked and took it upon themselves to ask what they felt were the real issues. Apparently, “after some more shouted remarks, Lacy turned the microphones over to the members of the audience, challenging them to come up with better questions. Attendees rushed to the microphones and got right to it, asking Zuckerberg about privacy and data portability…”

We see this as momentum building around giving internet users control of their online identity and making it easy for them to take their data where they want, when they want. As mentioned in our last post, we have been working on something for the past few months that does just that and we are getting pretty excited to roll it out very soon.

Business Week also had an interesting detail of the events, “Facebook CEO Admits Missteps”, although a much more water downed version of the events. They focused more on Zuckerberg’s comments that indeed users want more privacy and control of their data. According to the article, Zuckerberg said, “almost all of the mistakes we made, we didn’t give people enough control,” he said. “We need to give people complete control over their information. The more control and the more granular the control, the more info people will share and the more we will be able to achieve our goals.”

We are curious to see what Facebook comes up with (if anything) to actually rectify this or if they are just talking to satisfy the masses. One thing I will mention about our upcoming new release is that the major focus is on granularity and giving our users the most control possible on each piece of information they wish to share with the world. It took a lot of work (basically, re-building our entire web application) but as Mark noted here, and we were able to tell months ago, we felt it was of utmost importance to help advance our business.

New release is coming soon and then we can really talk without being so cryptic ;)…

Photos: Jim Merithew/Wired

The results of three months of being locked in our office (it’s winter in NYC so no big loss, really) is pretty close to being unveiled and we are extremely excited about it. We added tons of flexibility to the use of our services and actually wound up taking out a lot of features that weren’t being used. We tried to keep things simple as possible. We will keep you all posted and of course provide full details of our new updates once we go live with them.

Current users there should be no disruption in our service, so nothing but good things to look forward to…fingers crossed

BeenVerified would like to officially welcome all Citizendium.com members to BeenVerified. Citizendium is an online encyclopedia project that was started by Larry Sanger, one of the founders of Wikipedia. The Citizendium project is different from Wikipedia in the fact that they use real names and real identities. Additionally, Citizendium puts more emphasis on transparency and does not tolerate some of the policies that have gotten Wikipedia in trouble in the past. Their goal is to create a knowledge base of resources that can be trusted because editors are held accountable. For full details on the difference between Citizendium and Wikipedia, check out “We aren’t Wikipedia”.

BeenVerified will be providing Citizendium members with identity verification should they choose to become members of BeenVerified and it will be an optional service for Citizendium users. Going forward we will be working with Citizendium to implement some features that would let members voluntarily choose which credentials they would like to present on their Citizendium pages. We are very excited to be working with Larry, his team of editors, and all of the Citizendium members. We think having the ability for authors to prove their credibility from within their wiki postings is a huge advancement in the wiki process. Additionally, prior to BeenVerified, this was something that was not possible on the anonymous web.

If you would like to contribute to Citizendium, you can do so here. If you would like to read more about how they review a contributing editor’s application you can go do so here.

If you would like to learn more about becoming a BeenVerified Partner, please visit our Partner Page.

In the last few years, the Internet has built up a huge infrastructure capable of handling millions of meetings, interactions, and discussions amongst people. Does anyone even remember when the web was called the “Information Super Highway”? For the most part, the web has become about people and meeting people for fun, romance, money and all the other things you do with people offline. The downside to all of this is that people can create a profile with a false identity instantly. It doesn’t even take stealing an identity, as much as just signing up for a service and filling in the blanks on your profile and then start sending it to people.

In the Sunday New York Times this weekend, they ran an article about the founder of a website called PlentyofFish.com which is a free online dating site. From the article, “the principal customer service that Plenty of Fish provides is responses to complaints about possibly fraudulent identities”. This is not surprising considering that the site lets anyone sign up and then anyone can post any info about they want. It is very easy to create a profile that says you are a 35 year old doctor from New York City but you really are a 15 year old from the Midwest. That is one of those things that doesn’t seem like a big deal, until you are the person who spent months investing in what you thought was a legitimate relationship.

So I thought the title to that blog posting, “Now You Can Trust Internet Profiles”, was great. It sums it all up, that NOW communities have an easy, free way for members to prove they are who they claim. Since BeenVerified is always voluntary, communities just need to offer it and let their users decide if it is beneficial. We started this for freelancers and job seekers but almost everybody and every community has a need for knowing the true identity of the people they are meeting online.