Categories
Blogging Movable Type Politics and Economics Ramblings

Establishing Identity

I’ve been thinking a lot about identity lately. Not in the psychological sense, but in the sense of establishing that you really are who you say you are. No matter where I turn, I keep stumbling across the issue:

  • Last week I had a dream about being on the run from the law. Fortunately, in the dream I had set up bank account under a fake ID, and I could still withdraw money without triggering any alarm bells.
  • On Sunday evening I was filling out a passport application form for Fiona. In order for the application to be processed, it will have to be countersigned by “a person of standing in the community” (e.g. an accountant, doctor, teacher, etc.) as evidence that I am Fiona’s father and not just some random dude applying for a passport on her behalf.
  • I’ve been looking at the new commenting features in Movable Type 3, and trying to untangle the shambolic mess of tags, script, and settings needed to provide integration with the TypeKey authentication service.

I have often thought about setting up an alternate identity. You know, just in case I might really need to go underground some day. How about you? How far have you gone down that road? In the questions below I’m not talking about nicknames, married/maiden names, names changed by deed poll, or other changes of name where your fundamental identity remains the same.

On-line:

  • Have you set up an email account under a different name?
  • Have you corresponded with other real people through this email account?
  • Have you set up a web site or a blog under that name?
  • Have you posted a comment or written an article on a third-party web site under that name?
  • Have you researched and fleshed out the background of this alternate identity to a greater degree than just name, gender, date of birth, and country of residence?
  • Have you set up a Paypal, or other online money transfer account under this identity?
  • Have you always used an internet café, or an anonymising proxy server for your online actions under this identity? (So that your actions can’t be traced back to your own internet account?)

Real life:

  • Have you ever rented a mailbox or a storage locker under a different name?
  • Have you ever acquired fake official id documents (drivers license, passport, etc.) under your own or a different name?
  • Have you ever acquired real official id documents (drivers license, passport, etc.) under a different name?
  • Are you acquainted socially or professionally with anyone who knows you under a different name?
  • Have you ever used these fake papers to prove your identity for some purpose?
  • Have you ever acquired a credit card or a bank account under a different name?
  • Have you ever paid for goods or services with funds from this card or account?
  • Have you made sure that there is no link between your real home address and the address in which the alternate identity is registered?

Score one point for every “yes” you had in the On-line section, and three points for every “yes” under Real life.

Although false identities can be used as vehicles for doing harm, neither the on-line actions I noted above, nor their real-life counterparts are in themselves harmful. Yet the real-life actions carry so much more weight, because identity in the real world is a much more serious thing than it is on-line. It’s serious enough that in many places, establishing an alternative identity is a criminal offense.

People are already twigging to the fact that on-line identity can be equally important. Microsoft’s Passport system was mostly intended as a single sign-in mechanism to help users log in to multiple sites without having to remember multiple user IDs and passwords. It tackles the question of identity in a de facto kind of way: by gradually bundling all your systems access into a single login (“passport”), this login becomes your primary on-line identity.

Six Apart’s TypeKey authentication service comes at the problem from the opposite end: from the outset, TypeKey has been all about identity, with single sign-in thrown in almost as a fringe benefit. It is being sold (in a “free” sense) to users as a mechanism for proving that you really are Joe Bloggs. If you leave a comment on blog X, your TypeKey identity can prove to the blog owner (and to other readers) that you are the same Joe Bloggs who left comments on blogs Y and Z.

However, in support of the axiom that on the internet, no-one knows you’re a dog, there is no way for TypeKey to establish that the identity “Joe Bloggs” doesn’t in fact belong to the real-life “Jane Doe”. And conversely, Jane Doe is free to set up multiple TypeKey accounts, so she can also be posting comments as “Adam Smith” and “Mary Robertson” whenever she feels like it.

FOAF and XFN are ways of establishing chains and webs of trust (A trusts B, B trusts C, therefore A trusts C, but possibly to a lesser degree) in a distributed manner. PGP (or GnuPG) public key signing provides a decentralized way of proving an identity, and as such is an alternative to TypeKey, but again with nothing to stop someone from having multiple identities.

As governments become more eager to distribute services on-line, finding a way to extend each individual’s single real-life identity into the on-line space is going to become more and more important. (Hello, biometrics.) Identity is also inextricably tied up with security, the buzzword of the decade, and as such will also be one of the keys to rolling back the tide of spam.

In real life, it is unusual and intuitively suspicious for a person to have multiple identities. On-line, though, it is almost the norm to carry around a different persona for every occasion. The present anonymity of the internet makes this possible. But with an increased focus on identity and security, is this a situation that can continue? Is anonymity a fundamental property of the virtual world, or is it just a passing phenomenon, indicative of the medium’s immaturity? Will it eventually become taboo to represent yourself on-line as anything other than your real-life persona? Or is the freedom to be whomever you choose something that our society is going to accept on a long-term basis?

It keeps me up at night, wondering if now is the last time I’ll be able to feasibly establish a new identity with the low-tech tools at my disposal. If I don’t do it now, will I regret it in twenty years’ time, when the UK has turned into an oppressive totalitarian surveillance state, and my humble blogging attracts the strict attention of the net police?

Okay…straying too far into paranoia there. But you know what I mean. Don’t you?

5 replies on “Establishing Identity”

why does everything have to be so complicated? I know you’re right, that all this will have to be sorted out, but it sure gives me a headache.

I see you unplugged comments and they are plugged back in now, but without TypePad (right? I’m commenting, and I haven’t signed up with TypePad). Did you find some other way to fix the spam problem?

I’m not budging from MT 2.6 until MTBlacklist is available for 3.0.

Gecko–that’s North Korea you’re thinking of. NK, not UK. It’s an easy mistake to make.

Sara–at the moment I’m only allowing comments on the most recent entries. Everything else is closed off. This gives comment spammers a much smaller target to fire at. I’ve been considering TypeKey integration, but it is hellish difficult to set up, and it has left me wondering why I should put up with the hassle. MT-Blacklist is a more valuable option, I think, and I’m sure looking forward to it being available for MT3…

My theory is that if you want to remain anonymous, you should never, ever, publish your email or name on the Internet. Not even owing a domain name.

When I started using the Intenet, almost a decade ago, it was just for chatting in chat rooms. I think the first time my name appeared was when I had my own profile published for that chat room. The first time I ever used Riri online.

Then I started posting questions on newsgroups, using my work email address, because these were work related questions. Then I got my own domain, using guess what? My last name. The anonimity was over. Whoever wants to know my name, where I live, where I studied, with whom I am freinds with, my phone number, it’s all there. Using a pseudonym is just a form of remaining close to the roots, and it even sounds better than my real name… to me. Because english speaking people have no clue how to pronounce it.

You really have to think carefully which identity to use. I bet noone thought about it a decade ago. If you want to be anonymous, it’s too late anyway. Think about it before you say something nasty about your mother in law.

Comments are closed.