Trevin Chow

Microsoft Bing launched today publicly, and color me impressed.   I was always a fan of portions of Live Search, but the improvement they’ve made across the board with Bing is impressive. It’s nowhere near a Google knock-out punch, but it has marked improvement in key areas, that it’s going to be hard for people to ignore how well Bing performs. Perhaps John Battelle’s 2009 prediction of “at least a five point gain in [Microsoft] search share” will come true after all?

Searches to try to see some of the new functionality:

1. “Up” – will give you movie showtimes in your city
2. “Up” video search will give thumbnails of videos, but the best part is when you hover over each with your mouse pointer.  Instant preview!
3. “flights from sea to nyc” shows you airfare predictions based on Farecast technology with one click access to 30-day outlook on fare prices.
4. Medical searches like “swine flu” – see the left hand side for categories to help refine your search (Articles, symptoms, causes,…), related searches (who knew there was a  “1976 swine flu scare”?) and also returns credible results at the top from the Mayo Clinic.
5. Using Bing Maps, simple food searches like “pizza” will auto detect your location and show you all matching nearby restaurants .

This obviously isn’t an exhaustive list, but are neat improvements I’ve noticed in my usage over the past couple of hours.  Anything cool I’m missing?

I’m really on a roll the past few days with blog posts on digital identity.  My new love is e-commerce with my work on Windows Marketplace, but it’s hard to ignore the recent waves in “big” news in the digital identity world.  Given my expertise in the area, I can’t help but give my 2 cents (or 4 cents ).

After reading all the blogs entries and resulting comments on sites like TechCrunch, there is a lot of confusion on the significance, or lack thereof, of all these recent announcements (Google, Microsoft) around new OpenID providers.

First, let’s define a few terms:

Identity Provider: An Identity Provider is an entity that issues identities and resulting credentials used to authenticate as that identity.  These are almost always an email address and password combination.  Example of this is Microsoft issuing Windows Live IDs (e.g. foo@live.com or bar@hotmail.com) with a password.

Relying Party: A Relying Party is a site or service that accepts assertions of a user’s identity from a specific Identity Provider. This term is always used in conjunction with the name of an identity provider.  For example, a site that is a “Windows Live ID relying party” accept identity assertions from Windows Live ID.

OpenID Provider: An OpenID Provider is an Identity Provider that interoperates with OpenID.  It enables users with identities it has issued to authenticate to services that accept OpenIDs.  It does this by authentication a user’s credentials, then issuing a proof of that authentication (commonly referred to as a service ticket) that the user can present to a service that accepts OpenIDs.

OpenID Relying Party: Refers to a site or service that accepts user identity assertions from an OpenID Provider.

Now that we’ve gotten terminology out of the way here are several myths that are prevalent in many online discussions about digital identities, and in particular, discussions about OpenID:

Myth: Becoming an OpenID provider makes you more “open”.

Fact: By becoming OpenID providers, an identity provider just allows all of its users to access OpenID sites. So technically, they aren’t more open in the traditional sense since they didn’t grant access to it’s services to any more users than it already had.  It just allowed their users to access the services outside of its control, namely, OpenID relying parties like Plaxo.  So in reality, becoming an OpenID provider is really a greedy strategy by (1) letting your users access more, and (2) jumping on the bandwagon to not only ride a good press wave, but also to hopefully encourage more users to use you as an identity provider.

Myth: Becoming a Relying Party disempowers a site’s native identity provider since it no longer hold it’s user information (think Gmail to Google, or Flickr to Yahoo).

Fact: This is not true. In fact, by becoming a relying party, there are very few risks and you still have the ability to hold all the user information accumulated on service usage.  Becoming an OpenID provider or relying party, does not imply that you need to share a user’s profile with any other service.  The only risk in becoming a relying party is if you accept assertions from an identity provider that doesn’t legitimately authenticate the user’s identity.  Imagine accepting identity assertions from an Identity Provider that didn’t use passwords, and all you did was enter an email address to be authenticated.  You wouldn’t be able to trust that the user really was bill@gates.com when the assertion was presented to you

Myth: All the recent OpenID news about these new OpenID providers will solve all the digital identity problems.

Fact: As mentioned the other day, it doesn’t really matter how many OpenID providers there are. The real issue at hand is how many OpenID Relying Parties exist.  Right now, there are very few which makes the utility of OpenID very low and just makes for good PR talking points.  It will be monumental when you see all the Google, Yahoo and Microsoft services becoming OpenID Relying Parties.

Myth: OpenID is more secure than Windows Live ID (or any other identity provider).

Fact: First, this statement doesn’t make sense since OpenID is essentially just a set of protocols, and Windows Live ID is an identity provider.  If the real statement is that an OpenID provider is more secure than a non-OpenID provider, then unfortunately. that is also incorrect.

From the eyes of the consumer, the security of an identity provider really has nothing to do with the underlying protocols that are used.  They just know where to go to authentication and how to authentication. This is why fewer Identity Providers are good because we reduce the risk of phishing scams where users unknowingly give their credentials to a malicious party.

The security of an identity provider is really about the security of the credentials used to assert a user’s identity. The great thing about OpenID is that since it is an open system and since anyone can become an Identity Provider, it paves the way for there to be competition and natural selection to occur among Identity Providers.  With OpenID, we’ve seen the rise some fantastic security solutions that will make a real impact with customers when we have more OpenID relying parties.  For example, investments by VeriSign in 2-factor auth, gives me a lot of hope that other Identity Providers will follow suit.  This will force the entire industry to not only increase the level and expectation of security, but also make it easier to use for the everyday user.

Today will be the day that we remember OpenID becoming the standard for web authentication and single sign-on.

Hot on the heels of Microsoft’s announcement, Google gave the final boost of credibility that OpenID needed by announcing their move to also become an OpenID provider.

Now the 3 big boys of the internet (Microsoft, Yahoo and now Google) are all OpenID providers, OpenID has taken a huge leap towards true convergence for digital identities.

While all these OpenID provider announcement are coming out, in order to make OpenID truly ubiquitous, all these identity providers that also have services (which they all do), need to also become OpenID relying parties. In other words, Yahoo, Google and Microsoft need to all start accepting OpenID authentications for their all services.

Once that happens, we’ll have true digital identity ubiquity all tied together by OpenID.  Here’s to praying that happens sooner than later, so I can cross-off a big pain point in my online world.

Outlook and Exchange are the center of my universe due to the integration with my cell phone thanks to push-email and over-the-air sync.  If you’ve never had this capability (includes all you iPhone users!), then you don’t know what you’re missing.  There’s never a situation where there is out of sync information between my phone and Outlook, and since the master copy of my address book is in Exchange, losing or changing cell phones is easy schmeasy.  You’ll never see me send an email that says “Hey friends, I’ve changed cell phones and need all your phone numbers again“.  Sound familiar? Probably one of your friends that switched from their Motorola Razr to an iPhone  

Due to my reliance on Exchange I’ve never jumped on the Google Calendar bandwagon despite using Gmail for my personal email.  Google Calendar is a great product, but the last thing I want to do is manage a manual sync between it and Exchange.  To say that would be a nightmare would be the understatement of the century.  The shunning of Google Calendar has proved problematic for my personal life since many of my friends use it to send me event invitations to my personal email address instead of my work email address.  To them that makes sense since it’s a personal event, but to me, I need everything to go through my Microsoft email address for Exchange.

Well now to solve my problem, it looks like Google has finally release two-way sync between Google Calendar and Outlook!  It’s a client side component so it has to be installed on my work machine to get sync’d to my Exchange server, but this is definitely the next best thing to have server-side support.  With this app, I won’t have to tell my friends anymore to re-send the invitations to my work email, manually enter the appointments in Outlook, or even set up email forwarding rules.

The initial reviews I’ve read of the app is great and seems to just work exactly as advertised.  I’m anxious to install this app when I get to work tomorrow!

Background

In the past I’ve always been a big fan of hosting my own email server and accesing it by IMAP. However, as the years have gone on, my free time to administer the box has dwindled making email hosting very difficult. Luckily the revamped “web 2.0″ email services have gotten so good in the past few years, and with storage space increasing, there was less and less reason for me to do the hosting myself.

I’ve had the same personal yahoo email address for the past 5 years, so I’ve always dreaded the thought of moving to another email provider and managing that transition process. It would also be it especially painful to make the move again if I ever changed my mind to jump ship for yet another email provider.

Planning the move

4 months ago I acquired my own domain name, trevinchow.com, and made it my “new” personal email address along with hosting my own wordpress blog. To make things easier on myself, I ended up forwarding all emails to my yahoo.com account as I maneuvered through the transition process. Gradually, I was able to let all my friends know and update all my mailing list and e-commerce site subscriptions to the new @trevinchow.com email address.

I finally got to a point where I was comfortable abandoning my Yahoo mail since all the dependancies on it were down to either (a) spam or (b) spam. The real catalyst to this whole transition was the support that Google added for a custom/personal domain for email. Google essentially copy-catted the same service that Windows Live released in November 2005 .

Officially dubbed Google Apps, they provide hosted services for any domain you own and provide you a la carte services for email, IM, calendar, docs and spreadsheets and more. Their target market seems to be small and medium-sized businesses where running and maintaining their own local infrastructure would be much more costly. (I know that Google is trying to compete with Microsoft Exchange and Office in one fell swoop here by charging $50/user per year, but realistically I’m not sure how fruitful this will be for them. How many businesses would trust Google to store their sensitive business data?)

The sign-up process

I already had an existing “Google Account” for the same email address I wanted to use for the new Google App account, which was also tied to all sorts of existing services like Google Analytics and Adsense. I definitely expected this to be a troubling sign-up process.

I proceeded to the sign up process and I was pleasantly surprised by how simple and seamless it was. At no time did they give me an error message saying that I already had an existing account; they just processed my registration and everything seemed to be kosher. They gave me instructions on how to setup my MX record to point to their mail server to get hosted email. My webhoster, bluehost.com, makes adjusting MX records very painless through their administration interface so this was a snap.

After the sign-up process completed, I was pleasantly surprised that all my other services were still intact with no notable changes. Everything operated smooth like butter.

Transitioned!

Fast forward 24 hours and I’m fully on Gmail. Yes, it was fast transition process. I was most afraid the entire time about how I would migrate 5 years worth of personal email from Yahoo to Gmail. Turns out that since I’m a Yahoo premium subscriber, they unlock the POP3 interface for me. Gmail provided a really easy way for me to specify my Yahoo credentials and all my email was imported over the course of a few hours as it processed it in chunks of several hundred emails. Slick.

Overall I was extremely pleased at how easy the process was and so far I’m loving it. The obvious question right now is “Why not did you move from Yahoo?” and “Why not Hotmail?”. The biggest reasons:

• Conversation threading
• Lightweight interface
  • I love the quick loading and shortcut key driven interface
• Extensions, extensions, extensions
  • There are so many freaking firefox extensions to modify the behavior of gmail which make it that much more compelling

The good

• Quick, quick, quick
  • Wow this thing loads fast. Yahoo Mail was just a freakin’ dog when it came to page load times. They made it even worse with the Yaho Mail Beta which was supposed to speed things up with AJAX.
• Shortcut keys
  • Nearly every operation you can think of has a shortcut key in Gmail. The bummer is that they are different from Hotmail and Yahoo mail so I have to re-learn then all. Let me tell you, it’s painful to not have ALT+S mapped to “send”, which is what it is in both Outlook and Yahoo Mail.
• Greasemonkey scripts
  • Since I already had the greasemonkey firefox extension, I’m able to leverage some neat Gmail scripts that have been created:
  • Folders4Gmail
    • Create hierarchical labels. Works great with the above tip about using labels+auto-archive for folder emulation.
  • Gmail Beautifier
    • Remove ads (!) and makes the email pane wider
  • Gmail Reply to All
    • Adds “reply to all” button to all emails. Not even sure why Google doesn’t have this by default.
• Google Talk integration
  • Their integration with Google Talk is VERY cool. Even though I’m still a diehard Windows Live Messenger fan, Google’s lightweight integration allows me to use it alongside of Messenger.
  • I love how the chat sessions are saved and searcheable the same way that email is. Slick.
  • I wish that Gmail was smarter when I imported my contact list. They should have seen all the contacts that has @gmail.com accounts and given me option of adding them to my quick contacts for easier chatting.

The bad

• Login
  • Why doesn’t Google let me login on the regular Gmail login page? They require me to login through a special Google Apps login portal at http://www.google.com/a/trevinchow.com. If I try to login at http://mail.google.com, I get prompted to create an @gmail.com account. WTF?

• Spotty support (No Gmail mobile application support!)
  • As I try to access more and more Google services, I’m seeing the big seams in their support for my new account. I not only have a special login page, but I can’t use the java-based Gmail Mobile Application. When I try to login with my email address on the smartphone rich client, I get the error “Please enter your Gmail username and password, not an email address”. After some digging, I find out that they do in fact support Google App accounts, but only on Blackberries. Yeesh.
  • Among the great things that the Windows Live ID team has done, they go this scenario dead-on with 100% support. All the Live ID accounts created through Windows Live Custom Domains are full fledge Live IDs — in other words, they are completely supported like a non-custom domain. Google still has a lot of growing up to do it seems.
• Lack of folders
  • Yes I know that you’re supposed to rely only on Labels in the gmail world. However, Google went too far in the other directions by eliminating folders. There are certain classes of emails that I do want to filter to separate folders out of my inbox view. For example, I’m on some mailing lists that I just don’t need to read all the time; once a week is enough. Why have these emails in my inbox? IMO, Google should have did what Outlook did — use labels coupled with folders and let users determine what works best for them. Personally I’d use a combo of both like I do in Outlook.
  • Luckily, my friend pointed out to me that you can effectively get folders by setting up filteres to “auto archive” emails that trip the filter after labelling it. This eliminates it from the inbox view, keeps the unread status but still retains the emails. Although it works, couldn’t Google just give me folders?

• Lack of context menus and drag-n-drop
  • At some point, I got really used to (and liked) context/right-click menus and drag-n-drop in Yahoo mail and Hotmail. I don’t know when it happened but it did, and I never realized it. That is, until I moved to Gmail. I really miss not having to hunt around with my mouse for an action to click, but instead being able to right-click with my mouse and do that same action.

Gmail — the killer? Nope

Despite the anecdotal success stories you read about Gmail, it’s important to still keep in perspective the overall usage of Gmail compared to other email providers. Gmail’s userbase is paltry compared to the market leaders, Yahoo and Hotmail.

(from Mike Torres)Closing thoughts
Having said all of this, one questoin is whether Gmail is for the masses? In my opinion, it’s a resounding “NO!“. I definitely would not recommend it for my mom, or even my brother for that matter. It is so different than traditional email applications and has features that a lot “regular” user doesn’t need (and missing some they do). My mom doesn’t care about labels and won’t understand (or care for) conversation threading. My entire family uses webmail and relies heavily on folders. I can only imagine trying to explain to them the auto-archive workaround to emulate folders — yikes!Overall I’m very pleased with my transition and probably won’t be moving back (or away) any time soon. If you have any tips on Gmail usage or any other Greasemonkey scripts I should be looking at, drop me an email or leave a comment.To sign-up for Google Apps, you can use the following link (referral):