There’s no identity on the Internet
You can be an anonymous comment troll, claiming every single video on YouTube is the worst piece of film you have ever-ever seen (even worse than Batman & Robin!). How can anyone tell you are posting the same comment on every video? Or that you are, in fact, both sideshowkid1982 and hornyteen19?
Even worse, you can impersonate another person. You can buy a domain cleverly named after Steve Jobs, Bill Gates, Bill Clinton or your next door neighbor, where you can cause all sorts of grief. Anything from stealing some searches and making a few bucks on ads, all the way to impersonating and dominating their public image (easier when your target isn’t famous). Next, open a fake Facebook profile, maybe throw a couple of nasty comments in this or that site posing as them, and presto, you have a PR disaster waiting to happen.
For those who don’t know us, our reputation is what comes up in Google when they type in our name.
Since there’s no escrow service for identity, there’s a problem claiming assets on the internet. I can’t prove I really am me. There are several people with my name walking on planet earth. Are they mad at me for stealing their identity? For being first on Google?
It’s one of those hard problems, that no one seems to know how to handle. Technorati, the blog index, wants me to publish a post with a unique gibberish key they provide, such as this one:
Does this prove I am the writer of this blog? Somewhat. Does this prove I am who I claim to be? Hardly.
In Cyberspace No One Can Hear You Scream
OpenId and other Authentication Services are a short step in the direction of creating a single sign-on to the Internet. It’s a way of connecting your Google Profile and your StackOverflow account. Supposedly, it leaves password security to a relatively small and trusted group of identity providers, and I have to memorize fewer username-password combinations.
I have several problems with this solution:
- There’s a real threat to OpenId. A clever hacker finds a way to reset the password on your OpenId provider, and your done. Dead to the Internet. All you street cred is gone (and worse – is your credit card number saved on any of these sites? You may lose real money, too). For a solution to be viable it has to be extremely secure. I’m talking fingerprint-DNA-retina-scanner secure. Something your country will be proud to use instead of its current identification system.
- Each of the big Internet companies is an identity provider of its own.You have to remember which identity you have used for any particular site. Did I use my Facebook account or my Google account for Posterous? Can’t remember. A solution will require that these profiles be merged or linked together.
- It’s opt-in. Anyone can comment on this blog claiming that they “love this post, it is great, post more on this subject, buy generic Viagra”. Thank you. I value your input. I want to find out where you live and send you flowers. But I can’t. Because you don’t have to tell me who you are, and I have no way of requiring you to, even if I wanted to.
- There’s no claiming of assets. When I buy a house, I register it under my name. When I buy a car, I register it under my name. When I buy a website, I type in a bunch of possibly-fake details on some obscure site. This means that I have to prove again and again that this blog is mine. I’ve had to repeat the process of insert-this-fugly-random-key-somewhere-in-a-blog-post-so-all-your-readers-will-get-an-rss-update-of-a-fugly-random-generated-key-and-hate-you about seven time for different services (mostly analytics and spam related). It is tiresome. And fugly. Please stop.
What About My Privacy
Convenience comes with a cost. Having my biological markers in some database somewhere can be disastrous if the database is broken into. Someone can steal my DNA. They can then pretend to me and frame me for a crime I didn’t commit. Or patent my DNA and sue me for infringement. Or any other idea taken from a really bad 80’s sci-fi movie.
Seriously, though, I’ll be screwed.
Until we really understand what identity is, and how to protect it, memorizing a bunch of passwords isn’t that bad. And you will just have to get these randomly generated keys every once in a while. Don’t blame me. Blame society.