Establishing Identity

I’ve been thinking a lot about identity lately. Not in the psychological sense, but in the sense of establishing that you really are who you say you are. No matter where I turn, I keep stumbling across the issue:

  • Last week I had a dream about being on the run from the law. Fortunately, in the dream I had set up bank account under a fake ID, and I could still withdraw money without triggering any alarm bells.
  • On Sunday evening I was filling out a passport application form for Fiona. In order for the application to be processed, it will have to be countersigned by “a person of standing in the community” (e.g. an accountant, doctor, teacher, etc.) as evidence that I am Fiona’s father and not just some random dude applying for a passport on her behalf.
  • I’ve been looking at the new commenting features in Movable Type 3, and trying to untangle the shambolic mess of tags, script, and settings needed to provide integration with the TypeKey authentication service.

I have often thought about setting up an alternate identity. You know, just in case I might really need to go underground some day. How about you? How far have you gone down that road? In the questions below I’m not talking about nicknames, married/maiden names, names changed by deed poll, or other changes of name where your fundamental identity remains the same.

On-line:

  • Have you set up an email account under a different name?
  • Have you corresponded with other real people through this email account?
  • Have you set up a web site or a blog under that name?
  • Have you posted a comment or written an article on a third-party web site under that name?
  • Have you researched and fleshed out the background of this alternate identity to a greater degree than just name, gender, date of birth, and country of residence?
  • Have you set up a Paypal, or other online money transfer account under this identity?
  • Have you always used an internet café, or an anonymising proxy server for your online actions under this identity? (So that your actions can’t be traced back to your own internet account?)

Real life:

  • Have you ever rented a mailbox or a storage locker under a different name?
  • Have you ever acquired fake official id documents (drivers license, passport, etc.) under your own or a different name?
  • Have you ever acquired real official id documents (drivers license, passport, etc.) under a different name?
  • Are you acquainted socially or professionally with anyone who knows you under a different name?
  • Have you ever used these fake papers to prove your identity for some purpose?
  • Have you ever acquired a credit card or a bank account under a different name?
  • Have you ever paid for goods or services with funds from this card or account?
  • Have you made sure that there is no link between your real home address and the address in which the alternate identity is registered?

Score one point for every “yes” you had in the On-line section, and three points for every “yes” under Real life.

Although false identities can be used as vehicles for doing harm, neither the on-line actions I noted above, nor their real-life counterparts are in themselves harmful. Yet the real-life actions carry so much more weight, because identity in the real world is a much more serious thing than it is on-line. It’s serious enough that in many places, establishing an alternative identity is a criminal offense.

People are already twigging to the fact that on-line identity can be equally important. Microsoft’s Passport system was mostly intended as a single sign-in mechanism to help users log in to multiple sites without having to remember multiple user IDs and passwords. It tackles the question of identity in a de facto kind of way: by gradually bundling all your systems access into a single login (“passport”), this login becomes your primary on-line identity.

Six Apart’s TypeKey authentication service comes at the problem from the opposite end: from the outset, TypeKey has been all about identity, with single sign-in thrown in almost as a fringe benefit. It is being sold (in a “free” sense) to users as a mechanism for proving that you really are Joe Bloggs. If you leave a comment on blog X, your TypeKey identity can prove to the blog owner (and to other readers) that you are the same Joe Bloggs who left comments on blogs Y and Z.

However, in support of the axiom that on the internet, no-one knows you’re a dog, there is no way for TypeKey to establish that the identity “Joe Bloggs” doesn’t in fact belong to the real-life “Jane Doe”. And conversely, Jane Doe is free to set up multiple TypeKey accounts, so she can also be posting comments as “Adam Smith” and “Mary Robertson” whenever she feels like it.

FOAF and XFN are ways of establishing chains and webs of trust (A trusts B, B trusts C, therefore A trusts C, but possibly to a lesser degree) in a distributed manner. PGP (or GnuPG) public key signing provides a decentralized way of proving an identity, and as such is an alternative to TypeKey, but again with nothing to stop someone from having multiple identities.

As governments become more eager to distribute services on-line, finding a way to extend each individual’s single real-life identity into the on-line space is going to become more and more important. (Hello, biometrics.) Identity is also inextricably tied up with security, the buzzword of the decade, and as such will also be one of the keys to rolling back the tide of spam.

In real life, it is unusual and intuitively suspicious for a person to have multiple identities. On-line, though, it is almost the norm to carry around a different persona for every occasion. The present anonymity of the internet makes this possible. But with an increased focus on identity and security, is this a situation that can continue? Is anonymity a fundamental property of the virtual world, or is it just a passing phenomenon, indicative of the medium’s immaturity? Will it eventually become taboo to represent yourself on-line as anything other than your real-life persona? Or is the freedom to be whomever you choose something that our society is going to accept on a long-term basis?

It keeps me up at night, wondering if now is the last time I’ll be able to feasibly establish a new identity with the low-tech tools at my disposal. If I don’t do it now, will I regret it in twenty years’ time, when the UK has turned into an oppressive totalitarian surveillance state, and my humble blogging attracts the strict attention of the net police?

Okay…straying too far into paranoia there. But you know what I mean. Don’t you?

Comment spam and MT3

The only downside so far of moving to from Movable Type 2.6 to MT3 is the absence of MT-Blacklist for blocking spam comments. I’ve racked up 48 spam comments and trackbacks so far today. This is getting silly, so until I’ve implemented the new commenting registration and approval options in MT3, I’ve disabled comments and trackbacks on the whole of this blog.

Corollary to blogging fundamentals

Never mind why I’m blogging; why are you here? If you don’t know me from real life, or from an online community I’ve hung out in, why are you reading this? I’m not a guru or a celebrity. If you didn’t just end up here via a search engine, why are you interested in what I have to say?

Not that I’m complaining, mind. I’m just curious. Because I do the same thing. I follow the blogs of a number of people I have never met, but who just seem like interesting people. Take Woodge, for example. I’ve never met him, and all I know about him is what I’ve read on his site. I know he has a wee boy about the same age as Alex, and I know he likes some of the same films I do. I enjoy reading his random thoughts, and I smile in parental solidarity when he talks about his kid. Would we have anything to talk about if we got together over a couple of beers? I don’t know.

Likewise Rands, Keith Martin, Frank Schaap, Anders Jacobsen, Rick Horowitz, and a handful of other regular suspects. Okay, so I’ve met Frank, but essentially I’m dipping into the lives of a bunch of complete strangers. For all that I dislike reality TV shows, I sure seem more than happy to partake of the phenomenon over the internet.

Questioning Blogging Fundamentals

An email exchange I had with Woodge a week or two ago has had me thinking about some of the traditional “fundamentals” of blogs and blogging. You see, Woodge doesn’t have comments on his site. He doesn’t archive his old posts, either. Once you get to the bottom of his home page, you’re confronted with the declaration:

“Archives? There ain’t no stinkin’ archives! Older entries are just plain GONE. Too bad if you didn’t get a chance to read ’em. They were really good, too. Not like the crap posted above.”

The first time I read this, I felt a twinge of panic. I’ve ventured into the abyss of catastrophic data loss on two occasions, and both times I was lucky to make it back with only minor injuries. The thought of deliberately throwing away blog postings makes me twitchy.

But this isn’t what Woodge does. He said that he does keep his own archives of (at least some of) the things he has written. They’re just not available as traditional on-line blog archives.

Hmm. Let’s think about this for a moment.

All the main blogging tools take care of archiving automatically. When you write a new entry, it gets its own permalink at the same time it appears on your front page. From that point on, that particular entry has a unique and stable URL that you can bookmark, link to, or email to others. For blogs and sites that have a certain amount of focus, this can be immensely valuable. The abreviation “URL” stands for Uniform Resource Locator. News items, announcements, technical articles, handy tips and tricks, can all be said to be useful resources on the web.

But what about all the fluffy little entries that litter unfocused, personal blogs like mine? “Today I went to the park with Alex. We had a nice time.” Entries like this are of interest to my friends and family, but only for a limited time. They can’t really be said to be a permanent resource to anyone but myself (as souvenir memories), my kids (when they’re older and want to see what daddy was doing back then in the old days) and crazy blog stalkers who want to obsessively research the minutiae of my everyday life.

I’m starting to think that permalinking everything in sight isn’t a particularly good strategy in the long term. I definitely want to keep writing new blog entries, and I want my personal content management system to store them in a permanent archive, but that doesn’t mean these entries should be permanently visible and Google-able to the rest of the world.

There are blogging tools available that allow you to make a distinction between simple “posts” and longer “articles” (e.g. .Text and Radio Userland). With Movable Type, creating this distinction takes a bit more effort: you can set up two blogs, one for articles and one for postings, and then interleave with with a technique such as the one I described last year. You could then set the “articles” blog to generate entry archives as normal, and tell the “postings” blog to only ever show entries on the front page.

It might be a nice feature, though, if Movable Type had more options available for your “Post Status”. At the moment, you’ve got “Draft” and “Publish”. If I want to remove a published entry from my visible archives once it has outlived its usefulness, then I can set its status back to “Draft”, but that doesn’t capture my intention. Also, MT won’t actually delete the static page that had been created when the entry was originally published, so if anyone has its URL, they can still get at it. Better would be if there was a status of “Retired”, which could remove the page on disk, or could tell your web server to generate an HTTP 410: Gone message.

(Note to self: the MT3 developer contest is still open. Could I slap together a plugin in time for the deadline? Nnngggngngn….Perl…ggahhgg…)

A similar argument can be made about comments. Blogs with a strong subject focus, or with a strong community can generate lots of interesting and on-topic comments. The majority of blog comments I see, however (both here on my own blog and elsewhere), are “me too” posts, or thinly veiled pleas for a reciprocal visit or linkback. “Community” and “discussion” don’t arise on their own–they’re things you have to cultivate. And if you don’t have the time to cultivate and encourage them, and spend the associated time weeding out trolls, rubbish, and spam, then why have the comments form on your blog in the first place? Why not just show your email address, so that anyone who wants to discuss the entry can do so in a more direct manner? And if you want to run a disussion group, why not use bulletin board software?

Taking this line of thinking even further leads to the inevitable question: why am I blogging at all? If I don’t want people link to or comment on something I’ve written, why say it in public in the first place? Why not just scribble in a journal, or rant at Abi over dinner every evening?

The answer for me is at least partly laziness: I find it easier and quicker to write blog entries than to write emails to keep in touch with friends and family. Anyone who wants to know what I’m up to can check the blog. The second part of the answer is that I do occasionally have thoughts or information that I like to think other people might want to share. I put them up here, search engines index them, and sooner or later people start showing up. I don’t aspire to blogging fame, and a readership that hangs on my every word. Fame might sound like fun, but I think it would get rather stressful and annoying after a while.

Finally, I blog because I enjoy it. I like working with blogging tools, in particular Movable Type. Noodling around with HTML and CSS is fun. I like having a corner of the web that is just me, or at least an extension of myself in virtual space. If I meet someone in real life or online, I can point them over here so they can learn a little bit more about me. It’s a calling card and a playground all in one.

Is this reason enough to carry on blogging? I think so. But it might be time to change the format.