Posts

Posted on

Establishing Identity

I’ve been thinking a lot about identity lately. Not in the psychological sense, but in the sense of establishing that you really are who you say you are. No matter where I turn, I keep stumbling across the issue:

  • Last week I had a dream about being on the run from the law. Fortunately, in the dream I had set up bank account under a fake ID, and I could still withdraw money without triggering any alarm bells.
  • On Sunday evening I was filling out a passport application form for Fiona. In order for the application to be processed, it will have to be countersigned by “a person of standing in the community” (e.g. an accountant, doctor, teacher, etc.) as evidence that I am Fiona’s father and not just some random dude applying for a passport on her behalf.
  • I’ve been looking at the new commenting features in Movable Type 3, and trying to untangle the shambolic mess of tags, script, and settings needed to provide integration with the TypeKey authentication service.

I have often thought about setting up an alternate identity. You know, just in case I might really need to go underground some day. How about you? How far have you gone down that road? In the questions below I’m not talking about nicknames, married/maiden names, names changed by deed poll, or other changes of name where your fundamental identity remains the same.

On-line:

  • Have you set up an email account under a different name?
  • Have you corresponded with other real people through this email account?
  • Have you set up a web site or a blog under that name?
  • Have you posted a comment or written an article on a third-party web site under that name?
  • Have you researched and fleshed out the background of this alternate identity to a greater degree than just name, gender, date of birth, and country of residence?
  • Have you set up a Paypal, or other online money transfer account under this identity?
  • Have you always used an internet café, or an anonymising proxy server for your online actions under this identity? (So that your actions can’t be traced back to your own internet account?)

Real life:

  • Have you ever rented a mailbox or a storage locker under a different name?
  • Have you ever acquired fake official id documents (drivers license, passport, etc.) under your own or a different name?
  • Have you ever acquired real official id documents (drivers license, passport, etc.) under a different name?
  • Are you acquainted socially or professionally with anyone who knows you under a different name?
  • Have you ever used these fake papers to prove your identity for some purpose?
  • Have you ever acquired a credit card or a bank account under a different name?
  • Have you ever paid for goods or services with funds from this card or account?
  • Have you made sure that there is no link between your real home address and the address in which the alternate identity is registered?

Score one point for every “yes” you had in the On-line section, and three points for every “yes” under Real life.

Although false identities can be used as vehicles for doing harm, neither the on-line actions I noted above, nor their real-life counterparts are in themselves harmful. Yet the real-life actions carry so much more weight, because identity in the real world is a much more serious thing than it is on-line. It’s serious enough that in many places, establishing an alternative identity is a criminal offense.

People are already twigging to the fact that on-line identity can be equally important. Microsoft’s Passport system was mostly intended as a single sign-in mechanism to help users log in to multiple sites without having to remember multiple user IDs and passwords. It tackles the question of identity in a de facto kind of way: by gradually bundling all your systems access into a single login (“passport”), this login becomes your primary on-line identity.

Six Apart’s TypeKey authentication service comes at the problem from the opposite end: from the outset, TypeKey has been all about identity, with single sign-in thrown in almost as a fringe benefit. It is being sold (in a “free” sense) to users as a mechanism for proving that you really are Joe Bloggs. If you leave a comment on blog X, your TypeKey identity can prove to the blog owner (and to other readers) that you are the same Joe Bloggs who left comments on blogs Y and Z.

However, in support of the axiom that on the internet, no-one knows you’re a dog, there is no way for TypeKey to establish that the identity “Joe Bloggs” doesn’t in fact belong to the real-life “Jane Doe”. And conversely, Jane Doe is free to set up multiple TypeKey accounts, so she can also be posting comments as “Adam Smith” and “Mary Robertson” whenever she feels like it.

FOAF and XFN are ways of establishing chains and webs of trust (A trusts B, B trusts C, therefore A trusts C, but possibly to a lesser degree) in a distributed manner. PGP (or GnuPG) public key signing provides a decentralized way of proving an identity, and as such is an alternative to TypeKey, but again with nothing to stop someone from having multiple identities.

As governments become more eager to distribute services on-line, finding a way to extend each individual’s single real-life identity into the on-line space is going to become more and more important. (Hello, biometrics.) Identity is also inextricably tied up with security, the buzzword of the decade, and as such will also be one of the keys to rolling back the tide of spam.

In real life, it is unusual and intuitively suspicious for a person to have multiple identities. On-line, though, it is almost the norm to carry around a different persona for every occasion. The present anonymity of the internet makes this possible. But with an increased focus on identity and security, is this a situation that can continue? Is anonymity a fundamental property of the virtual world, or is it just a passing phenomenon, indicative of the medium’s immaturity? Will it eventually become taboo to represent yourself on-line as anything other than your real-life persona? Or is the freedom to be whomever you choose something that our society is going to accept on a long-term basis?

It keeps me up at night, wondering if now is the last time I’ll be able to feasibly establish a new identity with the low-tech tools at my disposal. If I don’t do it now, will I regret it in twenty years’ time, when the UK has turned into an oppressive totalitarian surveillance state, and my humble blogging attracts the strict attention of the net police?

Okay…straying too far into paranoia there. But you know what I mean. Don’t you?

Posted on

Movable Type Database Backups

I have finally got our database backups running here on Sunpig. Our site is made up of half a dozen Movable Type blogs and a couple of phpBB forums. There are a bunch of photos scattered around the site, but apart from that, most all of the text content resides in a single MySQL database. (Abi’s BookWeb is the notable exception.) Even if all of the pages on sunpig.com were accidentally deleted, we could regenerate about 90% of them by reinstalling the basic MT and phpBB applications, and restoring that master database. So it’s quite important that we keep it safe.

I’ve knocked together a little perl script that runs as a cron job every night. It produces a backup of the database, compresses it to save space, and then stores the file somewhere safe (i.e. not in our webroot). It tags the file with the weekday name (“mon”, “tue”, etc.), so these files only last seven days before they get overwritten with newer versions. They will mostly be useful in case the live database becomes corrupted, or if I do something stupid, like accidentally delete a blog. (It does happen, you know.)

Then, once a week, the script takes the backup file it has produced, and uses FTP to transfer a copy to a different server half-way around the world. The remote file gets tagged with the full date in YYYYMMDD format, so they don’t get overwritten. I’ve only got 30MB of space on this other server, and the gzipped backup files are about 2MB each, so I’ll have to do a manual download and archive of these files every three months or so. Still, this is a vast improvement over manual backups on a “whenever I remember” basis.

In case you’re interested, here is the script:

dbbackup.pl

Posted on

Comment spam and MT3

The only downside so far of moving to from Movable Type 2.6 to MT3 is the absence of MT-Blacklist for blocking spam comments. I’ve racked up 48 spam comments and trackbacks so far today. This is getting silly, so until I’ve implemented the new commenting registration and approval options in MT3, I’ve disabled comments and trackbacks on the whole of this blog.

Posted on

Crypto “Duh”

I’ve been developing web applications since 1998, but it was only a couple of weeks ago that one of the fundamental aspects of SSL (Secure Sockets Layer) really clicked into place for me: during an SSL session, the traffic is encrypted with a symmetric algorithm. SSL only uses an asymmetric (public key) algorithm during the session handshake in order to securely exchange the symmetric key for the rest of the session. The bulk of the SSL session is therefore optimised for speed, while the key exchange (the most vulnerable part) is optimized for security. Clever.

I can already see Spence shaking his head in disbelief that I hadn’t known this. My only excuse is that I’ve spent most of my time on inward-facing web apps, rather than public, internet-facing ones. (Not much of an excuse, though, I know.)

While I’m in a confessional mood, I might as well admit that the technique of salting hashes for increased security in storing passwords had passed me by until recently, too.

The real cleverness of salting hashes is not the technique itself, but the recognition of why it’s important. You could just take the attitude that if an attacker has got access to your database, then they can do whatever they like with it anyway, so why bother further encrypting the passwords you store in it? The problem with this is that most people re-use the same password in multiple places. So if an attacker gets hold of someone’s password for their blog, say, then chances are they can use it to also gain access to that person’s email or online banking account.

I’ll take this opportunity to recommend again the Password Safe tool, which removes the burden of having to memorize dozens of different passwords. Go get it, and start using it. If you’re not a computer expert, it’s difficult to spot where the weakest link is in any security chain. Password Safe, at least, will help to make sure it’s not you.

Posted on

They don’t stay young for long

It’s Alex’s last day in the Toddler Room at his nursery today. From next week, he’ll be in the Pre-School Room. He’s only three, and he won’t be starting primary school until 2006, but it still shows what a big boy he is, and how quickly he is growing up.

And as I carried Fiona into the Baby Room, she was holding herself almost upright in my arms, and looking from side to side like a startled meerkat. No more flopping against my chest because she lacks the muscle control to keep her head up. She can’t quite sit upright on her own yet, but she’s probably only a few weeks away from that milestone, too. And then she’ll be rolling and crawling and climbing up stairs…