Dodgeball goes Gauth, reveals GOOG’s masterplan to p0wn your ass

Did you know that Dodgeball's been assimilated?

Don’t say I didn’t warn you, but now when you try to log into your favorite neighborhood spyware, you’ll be greeted by a prompt to login with either your old skool Dodgeball account credentials or your Gauth account (the one that you use for Docs, Gmail, Gcal, Orkut, or other Google Services like YouTube (whoops — did I just say YouTube?).

Should you choose to login with your Dodgeball account, you’ll then be asked what your Gauth account isagain… or to create a new one. I chose to eff it and just merge my accounts (hoping that there’s an export of my checkins to Google Earth). Now I can manage Dodgeball from Google (note the last service):
Dodgeball as Google Service

The BorgSo here’s an interesting theory. Or maybe a foretelling of the inevitable. But clearly everything that Google buys, it will, somehow, someday, assimilate. Just like Teh Borg a generation before it.

I mean, from a business perspective, it does make sense. Yahoo! at least had the sense to make it utterly optional for Flickr and Upcoming users to use or create a Yahoo account for logging in (though they’ve recently backslid into pushing straight-up Y! Auth at Flickr).

So in light of the GooTube buy-out, what’s interesting about this Dodgeball stitchover is what happens if they do the same to YouTube (which, of course, they will, giving them a lump sum portion of the nearly 20M monthly uniques as new or merged accounts under their proprietary authentication system). …Which then, of course, can be used at other Google Authenticated sites. But hey, how useful are those accounts on sites that don’t use their system? Yeah, about as a good as a false username and an incorrect password: utterly useless.

Which leads me to pimping OpenID, the open grassroots alternative I’ve previously discussed. If Google opted to interop with (or help develop) this emerging standard, users would be centrally in control of their data — and able to rely on vendors that they choose to represent them — hell, even run their own identity server if that’s their wont — and take their data with them. And now is more critical than ever to raise these issues as the major players push , BBAuth and GAuth while independent identity projects struggle to keep it together and muster their collective will in crafting a standard that keeps users’ rights and interests squarely at the fore.

Thus with Google standing guard squarely between me and more and more of the services that I use, I’m starting to bear witness to the rise of a very insidious environment — where, heck, the kids’ll just keep following the into unknown territory until Google single-handedly locks’em all up in its walled-garden-silo, never to escape with their data or their friends again (that’s not evil, is it?) — or at least that’s what it looks like from here, given their culture of secrecy and expediency in converting existing login systems to their own (Writely, Dodgeball, Blogger, Picasa, Google Earth, etc).

But hey, I still remain hopefully naive while decidedly skeptical; if it’s not Google that gets there first, maybe it’ll be Apple with their patent on transportable identities. And, if there’s something you want to do about it in the meantime, if you’re running WordPress, go ahead and grab the new . Perhaps if we take the identity matter into our own hands and do something about it first, they’ll have no choice but to keep the gate to their walled gardens, at the very least, unlatched.

24 thoughts on “Dodgeball goes Gauth, reveals GOOG’s masterplan to p0wn your ass”

  1. A great post.

    I’ve said it before, and I’ll say it again…

    I’m not scared of Google, directly. I’m scared of the fact that all my data *is* in their one silo, available, perhaps, to the lawyers that finally poke an argument through and force it out.

    It’s not Google, it’s the *others* I’m more worried about when given a very large, very lucrative target like the Google Auth dataset.

    Oh, and Chris – you’re the canary in the coal mine. Thanks. :)

  2. Pingback: O'Reilly Radar
  3. People haven’t gotten used to their name popping up on the gmail chat list yet- they will be freaked out by d-ball.

  4. Big deal. Of course they will integrate into the google namespace. They would be stupid if they didn’t. You give Google too much credit.

  5. Chris, why do you use dodgeball ?? Is that not an opt in for you ??

    And why should not Google fold in ther GAuth into every service that they aqquire. Its their property. So every new user from an aqquired service is given a GAccount and then they have the full suite of services available. Whats wrong with that model ?

    Secondly, If I remember correctly– 3rd party apps could also use the GAccount and Gauth process seamlessly.

  6. OK, but *Google* will distribute the Borg Face Masks at no charge so we can pretend we have a choice in it all. Stop complaining – just relax and let Google take over ….. everything.

  7. Very nicely articulated. It is a shame that Google can’t step up and go past “do no evil” into “try to do some good.” They should have developers helping out startups and supporting some open standards.

  8. @/pd: I opted in before Dodgeball was bought by Google. And everything was fine while they were ignoring it. But now that I’ve brought my accounts together certainly I’ll have better service — but the problem is that I can’t take this data easily elsewhere nor run my own non-Google Gauth service.

    So, for example, say I do choose to leave Google or not use their services anymore… how do I authenticate against other sites that only support Gauth? In the OpenID world, anyone can run an OpenID server — so if someone screws me over, I can move my identity elsewhere. With Google (like Passport before it) that’s not the case.

  9. I’d like to talk with you about InfoCards – the technology on which Cardspace is based.

    InfoCards aren’t counterposed to independent identity projects.

    The technology is open. The specifications are open. A lot of smart people are implementing InfoCards in open source. Anyone can operate an “Identity Provider” that will work with InfoCards – including with the Cardspace identity selector.

    MSN does have a MSN-specific protocol used by Live ID that is similar to BBAuth and GAuth, and can reasonably be characterized as systems operated by large enterprises.

    The same cannot be said about CardSpace. I hope you’ll explore this further with me.

  10. whether you’re msft, yhoo, goog, or anyone else, the business motivations for
    owning logins are pretty self-evident. of course, i’m no mba, so i can’t speak
    to whether or not they’re actually valid. all i know is, that way lie
    dragons…and religious flamewars. :P

    having said that, google is very aware that its success is largely due to its
    users’ happiness. hence gdata, and the ability to export your data from pretty
    much any google app, whether it’s gmail or orkut or maps or even reader.
    lawyers and suits can write legalese EULAS and TOSes all day long, but users
    get unhappy if they lose ownership and control of their data, and rightly so.
    facebook, for example, learned that the hard way.

    and you’re right, interoperability is the next step. openid actually has a
    fair amount of grass roots interest internally. it’s only at the “hey, that’s
    cool” stage right now, but it’s gathering momentum.

  11. Kick ass article. Yeah I’m with you there, Google is very much like the Borg. Scary to think of one company doing so much and having access to so much information at once.

  12. I tried to think of a site that – if GOOG bought it and integrated it with GAccounts – would really freak me out.

Comments are closed.