One threat to user privacy and trust on the Web is the use of email for purposes beyond login and direct communication with the user. Email is often used as a login key, and has the valuable property that it can then be used for transactional messaging as well as for newsletters and direct marketing (where respectful). It is, however, increasingly being reused to recognise users across contexts in order to track and target them. This use is contrary to the expectations of users and leads to decreased trust, which means users are less likely to want to share their email even with publishers who only use it for legitimate purposes.
It is a core goal of the Web, and of a healthy advertising ecosystem, that one can log into a site with full trust, without worrying that this will enable cross-context recognition or spam.
WebID is an interesting proposal in this direction, and may be part of the MOI solution, but it does not include a messaging component. If we are to make it possible for emails to be eliminated from the Web platform, we need to offer a messaging capability that can replace email, and any other cross-context identifier, without loss of function.
Using MOI, users are authenticated to sites and identified with an opaque identifier, either from a system like WebID [WEBID] or, skipping the notion of having an IDP entirely, directly from credentials generated by the browser and submitted to standard endpoints (e.g. /.well-known/moi/create and /.well-known/moi/login). This latter option has the advantage of simplicity, but assumes that there is a standard for syncing these credentials between different browser vendors, so that people don't have to use the same browser account everywhere.
These credentials are rendered messageable by having the browser poll a simple mailbox protocol (blinding the client's IP where possible) that is limited to list/read/delete operations on /.well-known/moi/inbox. For safety and simplicity, messages are in SLIC format (so that open data can be safely channelled through the browser rather than snuck in through images). The browser (or a trusted delegate) can of course build a bridge to email if desired. Unsubscribing is a simple matter of telling one's browser to stop polling.
Under this approach, there is no reason for a website to know one's email, and we should be able to (slowly) reach a stage at which asking for it is suspect. MOI eliminates not only cross-context identification but also a lot of spam surface. As a nice side-effect, it significantly decreases email address switching costs (as opposed to schemes that generate single-origin email addresses).