?

Consolidating your online activity to a single ID is a bug.

1. It enables correlation, tracking, and stalking across sites.

2. It makes people vulnerable to being locked out of that single-ID provider.

3. It makes people vulnerable across multiple services to a compromise of that single-ID provider.

4. It risks alleged abuse at any one service relying on the single-ID provider causing problems with other services, or the SIDP itself. Reputation attacks, Joe Jobs, and the like become attack vectors.

5. In the specific case of Apple, the represented population is small enough that sites relying on it would exclude a huge number of people, if there were no other alternatives.

I'm of an age and from a time in which one didn't use one's real name online, with very rare exceptions, and in which compartmentalising activities into different independent services. Service consolidation, where a small set of ogolopolistic actors snap up previously independent companies, and then decide to forcibly integrate those services, is yet another problem. One of the highest-voted HN submissions I've been associated with was my own report of this happening, 13 years ago, on Google+: <https://news.ycombinator.com/item?id=6746731>. (The submission was by @davidgerard, but was based on my own G+ experience.) The original G+ content is archived here: <https://web.archive.org/web/20120118044728/https://plus.goog...>. NB: the discussion on that thread is quite interesting.

Relevance being I've been following this practice for a long time. Well before the G+ post mentioned as well.

The backstory on that post: not only had Google integrated previously independent G+ and YouTube accounts, but it did so based on email address, often linking real-name and pseudonymous accounts. Several people found themselves outed in different, and more significant ways, including revealing personal, social, political, or other aspects with public and professional accounts.

I'd already preempted this to a large extent by acting when I first heard the "Google+ is an identity network" comment by then-Google CEO Eric Schmidt to NPR reporter Andy Carvin in an impromptu and unscheduled interview, in 2011. I deleted the several-weeks-old personally-identifying G+ account, and employed my "dredmorbius" persona to create a new account.

See "Google+ is an identity service, says Schmidt" <https://www.marketplace.org/story/2011/08/29/google-identity...> based on the G+ account by Carvin, archived here: <https://web.archive.org/web/20111015105327/https://plus.goog...>.

Online identifiers serve multiple purposes. I don't mind having a persistent identity as "dredmorbius" or occasionally "Doc Edward Morbius" (I've deliberately avoided using "Dr." for some time to avoid falsely claiming any unwarranted credentials). But where I don't care to have that association made, I have, or create, other independent aliases.

My general feeling is that ID systems should be at a minimum-viable-level basis, and largely a separate consideration from another often-conflated aspect, reputation.