Online identity is a ticking time bomb. Are trustworthy, open-source solutions ready to disarm it? Or will we be stuck with lackluster, proprietary systems?