OpenID and human nature means that most peolpe will use the same URI for most sites, making it easy to track them and thereby eroding their privacy. An alternative is to disclose your identity provider, but not your identity. Essentially, you get your identity provider to provide credentials bound to the session id. However, a bigger issue remains, how do we avoid websites requiring the use of just a tiny handful of giant corporate identity providers. Certificate chains could provide a solution, e.g. enabling a website in Nebraska to accept the Swedish government as an identity provider. This raises significant social issues on an international scale.