WordPress and ‘persona separation’

Anyone who has heard me talk on the subject of privacy has probably heard me say how important I think it is to be able to reflect different privacy contexts by using different ‘personas’.

Privacy is – somewhat paradoxically – not about secrecy. If I keep all my information secret, I’m not “private”, I’m a recluse – asocial. Privacy is a social phenomenon; a way of ensuring that we retain the freedom to interact in one way with our loved and trusted companions, in another with, say, business and social acquaintances, and in yet another with people we’ve never met. You can do all this without failing to be true to your nature or character. It is healthy and appropriate to have different privacy rules for different circumstances and relationships. Someone who tries to deny you this ability is denying your right to interact socially on your terms, rather than theirs.

This is one of the many reasons why the “nothing to hide, nothing to fear” bleat should be reacted to with derision as a minimum, and outright hostility for preference.

But that’s not what I was going to write about. 

No, all I was going to do was observe that WordPress’s deployment of OAuth-based authentication is actually far better designed than its own authentication mechanism. Persona management just happens to be why I think that’s the case. Here’s why.

I happen to have two WordPress accounts, one of which is pseudonymous. There’s nothing sinister in that. I just occasionally want to post something caustic or mildly risqué which, in the context of my “Robin Wilton” blog, might offend some readers, or might simply be irrelevant to that audience. (For instance, the identerati are probably not the least bit interested in my probably-not-very-funny pastiche in homage to the late Alan Coren).

But a couple of times, I have – thanks to the not very well designed authentication and persona management aspects of WordPress – published a post to the wrong one of the two blogs. OK, I delete and re-publish, and probably no-one noticed… though depending on things like RSS refresh intervals, someone may have done. That problem is worse if you have multiple accounts with a more synchronous protocol, like Twitter.

But if you’re commenting on someone else’s WordPress blog, as opposed to posting on your own, you get an OAuth-based alternative, so that you can authenticate using, say, your Twitter or Facebook account. If you choose that option, not only should it be fairly obvious which you’re using (because you have to click on one icon rather than the other), but WordPress actually reminds you, before you hit Publish, which persona it is that you’re about to use.

From a privacy perspective, it’s all rather nice. If only WordPress’ own login and dashboard were as well designed.