Account: represents a billing entity which pays (or doesn't) for service. Has at least one Identity, may have more than one.
OK, I've gone and contemplated for a while, and I've come to the conclusion that having multiple identities per journal is a really bad idea, and I'd like to encourage you to stick with LJ's model of "If you want another identity, get another account/journal from another email account."
The reason why is that I think it creates the security equivalent of what is known as an "attractive nuisance" in tort law -- something which entices people into doing something which is actually dangerous to them. Specifically, that having separate accounts for separate identities provides greater security for the owners of those identities; if identities are actually connected to the same account, it's far more likely that a server code bug will accidentally divulge the connection between those identities and it's far more likely that someone would be able to connect identities by compromising the server and so forth.
By enforcing the separation of identities right in the architecture, I think you help protect the users from a "convenience" which actually exposes them in a greater degree to exactly that risk they were avoiding by creating multiple identities.
For most people, the convenience of only having to enter a credit card number once far outweighs the security. For those who are more worried about security, though, multiple accounts should be an option, and the security benefits should be well-documented.
For most people, the convenience of only having to enter a credit card number once far outweighs the security.
Well, yes. That's my point. :) That presented with that "convenience", most people won't worry about security and will opt for convenience, without realizing the risk they're running. Which is why I don't think it's prudent to give it to them.
All of which reminds me of the ugly issue of liability and legal structure. So, is Elsejournal gonna incorporate or what?