Welcome to Tech Talk, a weekly column about the things we use and how they work. We try to keep it simple here so everyone can understand how and why the gadget in your hand does what it does.
Things may become a little technical at times, as that's the nature of technology — it can be complex and intricate. Together we can break it all down and make it accessible, though!
How it works, explained in a way that everyone can understand. Your weekly look into what makes your gadgets tick.
You might not care how any of this stuff happens, and that's OK, too. Your tech gadgets are personal and should be fun. You never know though, you might just learn something ...
You need a good ID vault more than ever
A new feature for Android was announced, and it's likely that most people didn't notice or care about it: on-device support for OpenID standards.
It makes sense; this sounds like a really nerdy thing that nobody asked for and you have no intentions of using, but it's not. Well, OK, not very many people asked for it, but only because they had no idea it existed or that it was needed. We do need it, and you will end up using it.
How this all works is a rabbit hole of tech that is really difficult to understand completely, but easy to see the high-level picture.
You'll enter a form of verified digital ID, like a driver's license or a passport, into a wallet app. This app uses OpenID open-source standards to ensure it's secure — plenty of eyes are on its code and actively trying to break it. It will never be 100% foolproof because nothing ever is, but it's pretty secure.
That app doesn't need to do anything other than be a place to store these credentials. In fact, I'd say that's all it should ever do because that's a really important thing. Think of it as a big, heavy-duty bank vault to hold your ID.
When another app needs to verify who you are, examples given include Amazon, CVS, or Uber. You pick your ID from the list, and that ID vault app sends the relevant details securely between them. You don't have to take a photo of anything or send a copy of your driver's license to Amazon, or anything else. The app knows who to ask (the Digital Wallet, or ID vault) and knows what to do with the information it is given.
All this is done on your phone, it's all encrypted, and it's surely going to be easy to wipe all details if you need to do it.
All you have to do is enter your ID into the right app, and the rest is done for you. Normally, I don't like it when things happen automatically, but this is not one of those times. I know if done properly, this system will do a much better job of keeping my identity secure than I ever could. My only problem is making the right choice.
The problem isn't really a problem: regular users (that'd be you and me) don't need to know about any of this for it to be effective. We can just use it and benefit without knowing any better. But that means we either need Google to act in a very walled-garden way and act as a gatekeeper for which developers can use it and how, or we have to make the right choice.
The first isn't likely to happen and probably shouldn't happen. Companies like Google and Apple control the mobile phone market, and giving them even more power is a bad idea. In Google's case, with an enormous amount of leverage worldwide through Android, it's a very bad idea.
That means you have to be able to trust someone. So, who to trust?
That's tricky. The only thing I trust a tech company to do is things that benefit it. Having said that, I know that you can trust a company like Google (or Apple, if you use an iPhone) or Samsung because they have too much to lose if they screw it up. Google says 1Password is also going to incorporate this more secure "ID vault" feature as well, and we can probably trust them, too.
Who you can't trust is the better way to think about it. There could be a development team out there that can do this so much better than Google or Samsung ever will. There could also be people who just want to make a quick buck, do the very basics, then stop caring. Until you can determine which is which, you can't trust either.
I know that's awfully cynical and a little unfair. I don't care, and neither should you.
When that amazing app that does a great job hits the scene, a lot of eyes will be on it. The right people will look at it, and they'll tell you if it's as great as claimed or if it's just a dud. You need to let those right people have a long, hard look and trust them, knowing they know a lot more about this than we do. Unless, of course, you are one of those right people; if so, make sure to tell the rest of us what you think, OK?
When everything is finally squared away and this is how we handle identity verification in the future (I think it will happen and know it needs to happen), do the smart thing. Install Google Wallet or Samsung Wallet and use it. Don't be tempted by something with a fancy UI or shiny bits until someone tells you you should.
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.
